Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

GUest WLAN with Anchor WLC - roaming problems

Hello,

my wireless network consists in 3 WLC 4402 which manage 40 APs.

I have a fourth WLC which I installed on my DMZ for guest vlan anchoring and web autentication.

Everiting works fine but I have a problem:

If my client associates with an AP and then I authenticate I'm ready to make traffic. As soon as my client roams to an AP managed by a differnt WLC I need to authenticate again. If I roam back to the first AP i need to reauthenticate.

In my guest WLAN I use WEB authentication provided by the internal web server of the Anchor WLC.

Thnks everybody

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Here is my findings I have attached. This should fix your issue. Fisrt thing to do is change the VIP of wlc1, wlc2 and wlc3 to 1.1.1.1 and then reboot the wlc's. You can keep the wlcanchor VIP as 1.1.1.4. Look at the other suggestions I posted.

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

On the WLAN said, change the session timeout to what you require. That should fix the issue you are having.

-Scott
*** Please rate helpful posts ***
16 REPLIES
Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Did you setup your mobility groups and verify that the control path and data paths are up. In the wlc run a show mobility summay. Do this on allyour wlc's and your guest anchor. Also if you enable symetric mobility tunnel, then make sure you have that enabled on all your wlc's

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Here are the output of show mobility summary.

The last WLC is the anchor.

WLC1

Symmetric Mobility Tunneling (current) .......... Disabled

Symmetric Mobility Tunneling (after reboot) ..... Disabled

Mobility Protocol Port........................... 16666

Mobility Security Mode........................... Disabled

Default Mobility Domain.......................... mob1

Multicast Mode .................................. Disabled

Mobility Domain ID for 802.11r................... 0x392f

Mobility Keepalive Interval...................... 10

Mobility Keepalive Count......................... 3

Mobility Group Members Configured................ 2

Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group

MAC Address IP Address Group Name Multicast IP Sta

tus

00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up

00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up

WLC2

Symmetric Mobility Tunneling (current) .......... Disabled

Symmetric Mobility Tunneling (after reboot) ..... Disabled

Mobility Protocol Port........................... 16666

Mobility Security Mode........................... Disabled

Default Mobility Domain.......................... mob1

Multicast Mode .................................. Disabled

Mobility Domain ID for 802.11r................... 0x392f

Mobility Keepalive Interval...................... 10

Mobility Keepalive Count......................... 3

Mobility Group Members Configured................ 2

Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group

MAC Address IP Address Group Name Multicast IP Sta

tus

00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up

00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up

WLC3

Symmetric Mobility Tunneling (current) .......... Disabled

Symmetric Mobility Tunneling (after reboot) ..... Disabled

Mobility Protocol Port........................... 16666

Mobility Security Mode........................... Disabled

Default Mobility Domain.......................... mob1

Multicast Mode .................................. Disabled

Mobility Domain ID for 802.11r................... 0x392f

Mobility Keepalive Interval...................... 10

Mobility Keepalive Count......................... 3

Mobility Group Members Configured................ 2

Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group

MAC Address IP Address Group Name Multicast IP Sta

tus

00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up

00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up

WLCAnchor

(Cisco Controller) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Disabled

Symmetric Mobility Tunneling (after reboot) ..... Disabled

Mobility Protocol Port........................... 16666

Mobility Security Mode........................... Disabled

Default Mobility Domain.......................... mob1

Multicast Mode .................................. Disabled

Mobility Domain ID for 802.11r................... 0x392f

Mobility Keepalive Interval...................... 10

Mobility Keepalive Count......................... 3

Mobility Group Members Configured................ 4

Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group

MAC Address IP Address Group Name Multicast IP Sta

tus

00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up

00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up

00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up

00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up

Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Okay.... well wlc 1, 2 & 3 should all be configured in each others mobility group. The wlan ssid used for guest on WLC 1, 2 & 3 needs to have mobility anchor configured with the WLCAnchor and on the WLCAnchor you need to configure the wlan guest ssid mobility anchor to itself.

Take a look at this doc:

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1000477

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Ok I made the changes.

Unfortunately the problem is still alive:

If I roam from a WLC to another I need to reauthenticate via WEB.

What am I doing incorrectly?

Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Can you post your config from the wlcanchor and also two of your wlc's in which you roamed from one to the other. Seems to be a configuration issues somewhere.

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

which is the command in CLI to show the whole configuration?

Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Do a show run-config not a show running-config.

And keep hitting the space bar... it will take a while.

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Here are the configurations of two WLC and 1 anchor WLC.

I can't really find where I'm doing a mistake!

Thank you very much.

Johnny

Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Let me review the config and I will post my findings.

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Here is my findings I have attached. This should fix your issue. Fisrt thing to do is change the VIP of wlc1, wlc2 and wlc3 to 1.1.1.1 and then reboot the wlc's. You can keep the wlcanchor VIP as 1.1.1.4. Look at the other suggestions I posted.

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Thank you very, very, very much!

The problem is solved and everithing is ok.

I only would like to ask you my last question:

I upgraded the boot loader to the last version but I don't know what is the ER.

Here is the show version of my WLC, are all firmware up to date?

Thanks again and best regards

Johnny

System Information

Manufacturer's Name......Cisco Systems Inc.

Product Name........ Cisco Controller

Product Version........... 5.1.151.0

RTOS Version........... Linux-2.6.10_mvl401

Bootloader Version.......... 4.2.112.0

Build Type................... DATA + WPS

Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

Glad I could help. It so much easier to look at the config so I'm glad you posted it. There is a 5.0.148.2 BOOT that is the ER, the 4.2.112 is the latest boot image out there. So what you can do is upload to the controller 5.0.148.2 BOOT just so you know you have everything up to date. This will not show up on the sysinfo though, so as long as it shows you that it successfully loaded, you are good.

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Hi,

I have a new issues about web auth.

Now everithing is ok with roaming but now the problem is that randomly after 20 -30 minutes I loose authentication and I need to reauthenticate even if I didn't roam.

Do I Have to open a new topic for this issue?

Thanks and best regards

JOhnny

Hall of Fame Super Silver

Re: GUest WLAN with Anchor WLC - roaming problems

On the WLAN said, change the session timeout to what you require. That should fix the issue you are having.

-Scott
*** Please rate helpful posts ***
Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Very good,

it works, and it works very well!

Thanks again very, very helpful posts.

Johnny

Community Member

Re: GUest WLAN with Anchor WLC - roaming problems

Hi Scoot, 

 

I also using this kind of deployment (1 foreign and  1 anchor controller for the guest wlan )  and need your advised for the guest client to do roaming and authentication. we also using web authentication pass through.

 

From what i understand here: 

 

1. Disable aggressive load-balancing in both controller ( foreign and anchor) ???

2. Different VIP for the foreign ( 1.1.1.1)  and anchor controller (1.1.1.2) ? 

3. setting session timeout higher so that client no need to do deauthentication again while roaming

what is the best practice for guest wlan session,  

 

Regards.

 

 

2008
Views
0
Helpful
16
Replies
CreatePlease to create content