This problem is documented in Cisco bug ID CSCse30752.
In order to resolve this issue, complete these steps:
Remove the Dynamic Host Configuration Protocol (DHCP) snooping on the tunnel interfaces.
Ensure the mobility trust is obtained.
On the DHCP server, make sure that it verifies the IP addresses before it assigns them.
For example, in a DHCP server in Microsoft Windows 2003, configure it with these steps:
Choose Administrative tools > DHCP server.
Right-click the server name.
Choose two for the Conflict Detection Attempts.
Now, assume interface tunnel 3 is configured for the access point (AP) on the Cat6K switches and that the AP is in Virtual LAN (VLAN) 3.
This configuration must exist on the Cat6K switches:
Interface vlan 3 standby 1 ip . standby 1 priority 105 standby 1 preempt standby 1 track tunnel 3 10 !--- Decrements of 10 the priority if tunnel 3 deactivates, and it deactivates if there is a WLSM switch.
Interface vlan 3 standby 1 ip standby 1 preempt !--- Preempts the active HSRP role if its priority becomes higher than the neighbor.
With this configuration, when the WLSM on the Active Cat6K fails, the tunnel interface 3 on the Active Cat6K deactivates, which triggers the standby priority for the VLAN 3 on the Active Cat6K to decrement by ten and become 95, which is less than the standby priority on the standby Cat6K, which is 100 by default. This results in the activation of the VLAN 3 on the standby Cat6K and the VLAN 3 on the Active Cat6K goes to standby mode.