Foreign to anchor communication broken after FW outage
I managed to bring up a fully functional WLAN guest access including WebAuth, a foreign WLC serving the APs, an anchor WLC in a DMZ behind a FW, considered all the details described in GAccess_41.pdf (hopefully). The deployment even survived the migration from 4.2.61 to 5.0.148, done on both controllers, of course - short: it worked.
I came down to earth as one of the FW boxes of the FW-cluster in between the foreign and the anchor failed and the secondary FW box didn't take over instantly. The connection between foreign and anchor was down for around 5 minutes. After that, my problem began:
The foreign controller showed data connection and control connection to anchor controller up. Anchor controller showed both connections to itself up. Ping, mping and eping worked in both directions.
But for all that, the foreign controller did not export the client information to the anchor any longer.
A client associated to the guest WLAN kept on staying in the Mobility State "local" on the foreign WLC (I would have expected "Export Foreign" here?).
I was not able to get the controllers talking to each other again by now - even a simultaneous reboot of both WLCs did not help.
Browsing the forum I found a post mentioning a bug that can be worked around by using the same mobility group for both foreign and anchor WLC - unfortunately no more details.
Could this help here, too? Or is there another way to bring up the broken communication again?
Re: Foreign to anchor communication broken after FW outage
Indeed, putting both WLCs in the same mobility group fixed the problem for the time being. This setup even came back up again after intentionally breaking and reestablishing the communication between foreign and anchor controller.