I'm trying to configure L3 roaming between a vWLC and a 2500. I configured everything as it should be: the same SSID, same security, interfaces in different VLANs, mobility group established. When I associated a client to WLC1 and then removed it, the client associated to the second controller, WLC2, but its IP address changed. When I issue show client detail or show client summ on WLC1 there is no information about my client, but it should be there, marked as an Anchor.
I ran a mobility handoff debug. This is what I get from WLC1, where I disconnected my client:
(Cisco Controller) >*emWeb: Sep 12 01:16:20.705: 18:3d:a2:8f:90:28 2 PMK-remove groupcast messages sent
*mmListen: Sep 12 01:16:21.946: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:21.946: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:21.946: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
*mmListen: Sep 12 01:16:22.856: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:22.856: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:22.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
*mmListen: Sep 12 01:16:23.856: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:23.856: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:23.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
And this is the output from the same WLC when I then disconnected the client from WLC2:
(Cisco Controller) >*Dot1x_NW_MsgTask_0: Sep 12 01:18:57.705: 18:3d:a2:8f:90:28 Mobility query, PEM State: L2AUTHCOMPLETE
*mmMobility: Sep 12 01:18:58.723: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0
*mmMobility: Sep 12 01:18:59.743: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0
*apfReceiveTask: Sep 12 01:19:00.763: 18:3d:a2:8f:90:28 Mobile Announce Mip not present
*apfReceiveTask: Sep 12 01:19:00.763: 18:3d:a2:8f:90:28 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.10.40.2
*apfReceiveTask: Sep 12 01:19:00.764: 18:3d:a2:8f:90:28 Mobility Response: IP 0.0.0.0 code Handoff (1), reason Handoff request timed out (7), PEM State RUN, Role Local(1)
Can anyone help me understand where the problem is? I also tried the same between two vWLCs - the same issue :(
Note: These are the guidelines and limitations for this feature:
• Multicast on overridden interfaces is not supported.
• This feature is available only on a per-WLAN basis, where the WLAN is locally switched.
• IPv6 ACLs, CAC, NAC, and IPv6 are not supported.
• IPv4 ACLs are supported only with VLAN-based central switching enabled and applicable only to central switching clients on the WLAN.
• This feature is applicable to APs in FlexConnect mode in locally switched WLANs.
• This feature is not applicable to APs in Local mode.
• This feature is not supported on APs in FlexConnect mode in centrally switched WLANs.
• This feature is supported on central authentication only.
• This feature is not supported on web authentication security clients.
• Layer 3 roaming for local switching clients is not supported.
Thanks for your reply, but to be honest I'm lost :)
You sent me some points describing "Select or unselect the VLAN based Central Switching check box to enable or disable central switching on a locally switched WLAN based on AAA overridden VLAN" from the link you provided.
How is this related to my problem? I don't want to use "Vlan based Central Switching" but normal Intercontroller Roaming.
Does anyone know why this is not working? Maybe vWLC has some limitation for L3 Roaming?
Today I used 2x 2500 WLC. I created mobility groups between them and configured the same SSID on each, but with interfaces in different VLANs.
Unfortunately the situation is the same: when I remove my client from WLC1 it connects to WLC2 and changes its IP address. In "sh client summary" or "sh client detail (MAC)" there is no information about the foreign and anchor controller.
Any idea what can be wrong?
Exactly the same way you did in your L2/L3 Roaming post on your blog. I click on the associated client's MAC address and click the Remove button.
Without doing that, can you reduce the power level of the AP (if it is a lab setup) & move your supplicant to do a real roam?
Sometimes when you remove a client forcefully it may be a new association to the other AP.
See what happens in that scenario. Take "debug client <client_mac>" output on both controllers & attach it to your next response.
**** Pls rate all useful responses ****
OK, so I did this. I moved my test PC between APs and made it roam without removing any client from the GUI.
Attached are 4 files:
- from WLC-LAB1 - one file with "debug client MAC" and the second with "debug mobility handoff enable"
- the same for WLC-LAB20
I hope this clarifies what or where the problem is.
Rasik, thanks to your debug I noticed that the problem is related to the IP address on the virtual interfaces. On WLC-LAB1 I had 22.214.171.124 and on WLC-LAB20 I had 126.96.36.199. When I changed the WLC-LAB20 virtual interface to 188.8.131.52 I got what I was looking for - L3 roaming :)
My last question: how should I set the virtual interface IP address? Always to 184.108.40.206 on all WLCs?
Yes, you should set the same virtual IP address on all your controllers for roaming to work (even in Branch/HQ scenarios as well, if you want to do guest tunneling even though there is no real roaming).
220.127.116.11 was the recommended IP in the past; since it is a routable IP now, Cisco recommends using 192.0.2.1 as the virtual IP on your WLC.
**** Pls rate all useful responses ****
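The symptoms in the mobility handoff debug from the first post, turned into a small triage script. This is an added example, not part of the thread and not Cisco tooling; the function names and summary layout are assumptions, and the sample lines are copied from the captures quoted above.

```python
import re
from collections import defaultdict

# Lines copied from the two mobility handoff captures quoted in the first post.
SAMPLE = """\
(Cisco Controller) >*Dot1x_NW_MsgTask_0: Sep 12 01:18:57.705: 18:3d:a2:8f:90:28 Mobility query, PEM State: L2AUTHCOMPLETE
*mmListen: Sep 12 01:16:21.946: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:21.946: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
*mmListen: Sep 12 01:16:22.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
*mmMobility: Sep 12 01:18:58.723: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0
*mmMobility: Sep 12 01:18:59.743: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0
*apfReceiveTask: Sep 12 01:19:00.764: 18:3d:a2:8f:90:28 Mobility Response: IP 0.0.0.0 code Handoff (1), reason Handoff request timed out (7), PEM State RUN, Role Local(1)
"""

PROMPT = re.compile(r"^\(Cisco Controller\) >")
LINE = re.compile(r"^\*(?P<task>\w+): \w{3} +\d+ [\d:.]+: "
                  r"(?:(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) )?(?P<msg>.*)$")
RESPONSE = re.compile(r"Mobility Response: IP \S+ code (?P<code>.+?) \(\d+\), "
                      r"reason (?P<reason>.+?) \(\d+\), PEM State \S+, Role (?P<role>\w+)")

def triage(text):
    """Summarise mobility handoff symptoms per client MAC (hypothetical helper)."""
    clients = defaultdict(lambda: {"ignored_announces": 0, "role": None, "timed_out": False})
    retries = 0
    for raw in text.splitlines():
        m = LINE.match(PROMPT.sub("", raw.strip()))
        if not m or m["mac"] is None:
            continue  # not a debug line, or no client MAC at the start of it
        mac, msg = m["mac"], m["msg"]
        if mac == "00:00:00:00:00:00":  # groupcast query being retried
            retries += "Mobility packet retry" in msg
            continue
        if "Ignoring Announce" in msg:  # this WLC has no record of the client
            clients[mac]["ignored_announces"] += 1
        r = RESPONSE.search(msg)
        if r:
            clients[mac]["role"] = r["role"]
            clients[mac]["timed_out"] = "timed out" in r["reason"]
    return {"clients": dict(clients), "groupcast_retries": retries}

def failed_roams(summary):
    """Clients whose handoff request timed out and who ended up Local (new association)."""
    return sorted(mac for mac, c in summary["clients"].items()
                  if c["timed_out"] and c["role"] == "Local")

if __name__ == "__main__":
    s = triage(SAMPLE)
    for mac in failed_roams(s):
        print(f"{mac}: handoff timed out after {s['groupcast_retries']} groupcast retries;"
              " compare the virtual interface address on every mobility group member")
```

A client listed by `failed_roams` was treated as a new Local association rather than an anchored roam, which is the behaviour this thread traced to mismatched virtual interface addresses.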