Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
2
Helpful
4
Replies

Mobility Group Between AirOS and 9800

Go to solution
KyleA
Level 1
Level 1

‎03-26-2024 07:39 PM

Hey all-

TL:DR is mobility group between foreign WLC (AirOS) and anchor WLC (9800) appears to have CONTROL path UP and DATA path down.

Foreign: 5520 on 8.10.185.0 and 8540 on 8.8.125.0

Anchor: 9800 on 17.9.4a

Background: Our enviroment has 10+ foreign WLCs and 4 anchor WLCs. The 3 anchor WLCs still running AirOS have successful mobility groups established with all foreign WLCs. The 4th anchor WLC that I am currently replacing (same exact IP address) with the 9800 appears to establish the Control path but the Data path remains down. I have tried re-establishing the group with/without Hash Key, with/without secure mobility, with/without data encryption - and all of the combinations in between.

The 9800 has a very basic configuration with NTP, SSH, TACACS, GUI set up, using the 4 2.5 GB uplinks as trunk ports to the switch. Static route defined as the gateway for the Wireless Management Interface. Foreign and Anchor can successfully ping each other.

The exact message the keeps appearing from CLI on anchor is: Mar 27 02:07:07.203: %MM_INFRA_LOG-3-RECV_FAILED: Chassis 1 R0/0: mobilityd: Unable to receive mobility message mobile_announce from ipv4: [foreign WLC IP] . reason: Peer link is down

I wouldn't think this is anything FW related as I checked to confirm the proper ports are being allows and it is using the same exact IP address anyway. Desspite Control path appearing to be up... both mping and eping from the foreign AirOS WLC is NOT successful.

Any guidance would be greatly appreciated. I've been at this all day. Any further information needed can be provided.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jerome BERTHIER
Level 1
Level 1

‎03-27-2024 02:15 AM - edited ‎03-27-2024 02:16 AM

Hello

Did you set the mobility mac address on the 9800 ?

Which model of 9800 is it ?

To my understanding, hask key is mandatory only when using 9800-CL. Hardware models use SUDI certificates.

Mobility with 9800 uses UDP ports 16666 and 16667

Secure mobility is mandatory with 9800 so you have to enable it on AireOS side.

Data encryption is optionnal but must be set the same on both sides.

Can you post output from :

- show mobility summary (AireOS foreign)

- show wireless mobility summary (9800 anchor)

Here a documentation : https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller-aireos_ircm_dg.html#id_85244

Regards

View solution in original post

4 Replies 4

Go to solution
marce1000
VIP
VIP

‎03-27-2024 01:06 AM

 

      >...The exact message the keeps appearing from CLI on anchor is...
          Check logs on the particular foreign controller too when that happens, 

    - Use latest advisory release  ; https://software.cisco.com/download/home/286284738/type/280926587/release/8.10.190.0
       This remains important whether related to the others working or not  , 

    - Have a checkup of the none working controllers' configuration , using WirelessAnalyzer input (procedure) for AireOs controllers
      and feed that output into Wireless Config Analyzer

    -  Regardless of operational states working for the others it is important to the same for the 9800 with  the CLI command show tech wireless and feed the output to : Wireless Config Analyzer

  M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
Jerome BERTHIER
Level 1
Level 1

‎03-27-2024 02:15 AM - edited ‎03-27-2024 02:16 AM

Hello

Did you set the mobility mac address on the 9800 ?

Which model of 9800 is it ?

To my understanding, hask key is mandatory only when using 9800-CL. Hardware models use SUDI certificates.

Mobility with 9800 uses UDP ports 16666 and 16667

Secure mobility is mandatory with 9800 so you have to enable it on AireOS side.

Data encryption is optionnal but must be set the same on both sides.

Can you post output from :

- show mobility summary (AireOS foreign)

- show wireless mobility summary (9800 anchor)

Here a documentation : https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller-aireos_ircm_dg.html#id_85244

Regards

Go to solution
Kasper Roholt
Level 1
Level 1

‎03-27-2024 06:27 AM

Remember Data encryption on mobility group. We have Wifi-calling issues, until we use encryption (only between aos <-> ios-xe)

0 Helpful

Go to solution
KyleA
Level 1
Level 1

‎04-04-2024 06:32 AM

Hey all - for our old set up between AirOS -> AirOS we allowed UDP 16666 for tunnel control traffic · IP Protocol 97 for user data traffic. We had to adjust our FW rules with the new anchor 9800 WLCs to allow UDP 16667. Once done, the data path came up. Thank you!

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card