-the management ips of WLCs don't matter. What matters for layer 3 roaming is the subnet in which the dynamic interfaces (the interface of the SSID) are.
So if your 2 WLCs have the same range for the SSID interface it's a layer 2 roaming.
-For layer 3 roaming, it's always always a good thing to enable "symmetric mobility tunneling". So good that in last releases it's even impossible to make it non-symmetric. This is in the mobility options on the WLC and requires a reboot to take effect. to be enabled on all WLCs.
-From there if there are still problems, we'd need you to clarify what is happening (loss of RF connection ?=> coverage hole. Change of ip address ? => layer 3 handover issue).
We'd then need a "Debug client " taken on both wlc simultaneously showing a phone failing to move from one to the other.
WLC1 has the SSID "employees" linked to interface "emp_int" which has ip 192.168.50.2
WLC2 has the SSID "employees" linked to interface "employee_int" which has ip 192.168.80.2
In this case, we have layer 3 roaming. Meaning that normally the client would need to change its ip from 192.168.50.x to 192.168.80.x but thanks to mobility anchoring mechanism, the WLC2 forwards all traffic back to WLC1 so that the client can keep its ip address in 192.168.50.x
If the situation was that both employee interfaces were in the 192.168.50.x on both WLCs, then we would have layer 2 roaming. Meaning the client entry is simply moved to WLC2 and WLC2 handles all the traffic. WLC1 has nothing to do anymore with this client.
conclusion : the ip addresses of the management interfaces don't matter to decide if it's layer 2 or 3 roaming, it's the ip of the dynamic interface of SSID which matters
The controllers should be in the same mobility groups, for one. Another thing to check in the mobility configuration, is to make sure they are set for Symmetric tunneling. in 4.2 this was still an option, this setting must match for the roams to work properly.
The difference between symmetric and asymmetric tunneling:
device is on WLCA, then roams to WLCB. In asymmetric tunneling, the device traffic will egress from WLCB, but ingress on WLCA. If RPF checks have been enabled, this can break the device being able to pass traffic.
In symmetric tunneling, the device roams to WLCB, and all traffic, both ingress and egress are from WLCA. All traffic from the client passes across the mobiltiy tunnel, so RPF is not an issue.
In later code, we are set for symmetric, and are unable to change it. I believe that in the 7921/25 Deployment Guides, it is recommended to use symmetric tunneling if the choice is available.
Please remember to rate useful posts, and mark questions as answered
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...