Mobility

Cisco 5508 – Mismatched Mobility Group ID

Setting up mobility tunnels can be tricky the first time around, and maybe the second or third in my case!

My original setup involved two WLAN controllers: one as the foreign (internal) controller and the other as an anchor (external) in the DMZ to facilitate guest access. They had (and still have) a mobility tunnel running between them with matching mobility names, which made things simple. I then wanted to put a third controller into the mix, with guest traffic anchoring to the 2nd WLC as well, and wasn’t sure if there would be an issue with the mobility names.

So, I ended up with this mobility configuration overall:

1st WLC (Internal) – IP 192.168.2.10 – MAC AA:AA:AA:AA:AA:AA

2nd WLC (External Guest Anchor) – IP 10.50.50.10 – MAC BB:BB:BB:BB:BB:BB

3rd WLC (Internal but different domain to 1st WLC) – IP 172.64.32.10 – MAC CC:CC:CC:CC:CC:CC

1st WLC

MAC Address         IP Address      Group Name
AA:AA:AA:AA:AA:AA   192.168.2.10    ilovemobility
BB:BB:BB:BB:BB:BB   10.50.50.10     ilovemobility

2nd WLC

MAC Address         IP Address      Group Name
BB:BB:BB:BB:BB:BB   10.50.50.10     ilovemobility
AA:AA:AA:AA:AA:AA   192.168.2.10    ilovemobility
CC:CC:CC:CC:CC:CC   172.64.32.10    ilovemobilitymore

3rd WLC

MAC Address         IP Address      Group Name
CC:CC:CC:CC:CC:CC   172.64.32.10    ilovemobilitymore
BB:BB:BB:BB:BB:BB   10.50.50.10     ilovemobilitymore

Or for a visual representation:

3 WLCs, 1 Guest Anchor

I already knew WLC1 and WLC2 were working fine, as the system had been in place for two years, but after adding WLC3 into the mix the mobility tunnel wasn’t coming up (data or control path).

I confirmed that neither the control nor the data path was up using the mping and eping commands on the respective WLCs. The controllers could still ping each other through standard ICMP, so more investigation was required.

As with most issues, debug was my friend. I enabled a debug on everything mobility through the command – debug mobility packet enable – and immediately saw the following message on both WLCs:

(Cisco Controller) show>q*mmListen: Mismatched Mobility Group ID: 3d393ac1 f5cdfc2 8d1c9ccb 1b05d33c from 10.50.50.10, dropping, hdr->type 20

The message immediately pointed me to where I’d configured my mobility groups, so that is where I started troubleshooting. It didn’t take long to realise that I didn’t need to have the mobility groups matching on WLCs 2 and 3 like I have on 1 and 2 (and in fact could have had different mobility groups on 1 and 2 when that was first set up). Instead, I need to ensure that when I map a mobility member’s IP I include the default group that is configured on the other end of the tunnel. In my tables above, I need to change one entry on my new WLC.

1st WLC

MAC Address         IP Address      Group Name
AA:AA:AA:AA:AA:AA   192.168.2.10    ilovemobility
BB:BB:BB:BB:BB:BB   10.50.50.10     ilovemobility

2nd WLC

MAC Address         IP Address      Group Name
BB:BB:BB:BB:BB:BB   10.50.50.10     ilovemobility
AA:AA:AA:AA:AA:AA   192.168.2.10    ilovemobility
CC:CC:CC:CC:CC:CC   172.64.32.10    ilovemobilitymore

3rd WLC

MAC Address         IP Address      Group Name
CC:CC:CC:CC:CC:CC   172.64.32.10    ilovemobilitymore
BB:BB:BB:BB:BB:BB   10.50.50.10     ilovemobility

If I wanted to tidy this up even more, then I’d also change the mobility domain on my 1st WLC so that it has a unique domain too.
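The rule above (each peer row must carry the group name that peer uses as its own default, and each tunnel must be listed on both ends) can be checked offline before touching the controllers. This is an added example, not part of the original post or any Cisco tool; the function names are hypothetical, the rows are copied from the tables above, and it assumes the row for a controller's own IP shows its default group.

```python
# Added example (not from the original post): audit mobility lists offline.
# Rows use the "MAC IP GROUP" layout of the tables in this post.

def parse_list(text):
    """Turn 'MAC IP GROUP' rows into {member_ip: group_name}."""
    rows = {}
    for line in text.strip().splitlines():
        _mac, ip, group = line.split()
        rows[ip] = group
    return rows

def check_mobility(lists):
    """lists maps each controller's own IP to its parsed mobility list.
    Returns sorted findings; an empty list means every tunnel is consistent."""
    # Assumption: the row for a controller's own IP carries its default group.
    default = {own: rows.get(own) for own, rows in lists.items()}
    findings = []
    for own, rows in lists.items():
        for peer, group in rows.items():
            if peer == own:
                continue
            if peer not in lists:
                findings.append(f"{own}: no list supplied for peer {peer}")
            elif group != default[peer]:
                findings.append(f"{own}: peer {peer} entered as '{group}', "
                                f"but its default group is '{default[peer]}'")
            elif own not in lists[peer]:
                findings.append(f"{own}: peer {peer} has no entry for {own}")
    return sorted(findings)

# Values copied from the tables in this post (first attempt, then corrected).
WLC1 = ("AA:AA:AA:AA:AA:AA 192.168.2.10 ilovemobility\n"
        "BB:BB:BB:BB:BB:BB 10.50.50.10 ilovemobility")
WLC2 = ("BB:BB:BB:BB:BB:BB 10.50.50.10 ilovemobility\n"
        "AA:AA:AA:AA:AA:AA 192.168.2.10 ilovemobility\n"
        "CC:CC:CC:CC:CC:CC 172.64.32.10 ilovemobilitymore")
WLC3_BEFORE = ("CC:CC:CC:CC:CC:CC 172.64.32.10 ilovemobilitymore\n"
               "BB:BB:BB:BB:BB:BB 10.50.50.10 ilovemobilitymore")
WLC3_AFTER = ("CC:CC:CC:CC:CC:CC 172.64.32.10 ilovemobilitymore\n"
              "BB:BB:BB:BB:BB:BB 10.50.50.10 ilovemobility")

def audit(wlc3_text):
    """Check all three controllers using the given 3rd-WLC list."""
    return check_mobility({"192.168.2.10": parse_list(WLC1),
                           "10.50.50.10": parse_list(WLC2),
                           "172.64.32.10": parse_list(wlc3_text)})

if __name__ == "__main__":
    for label, text in (("before", WLC3_BEFORE), ("after", WLC3_AFTER)):
        print(label, audit(text) or "consistent")
```

Run against the first set of tables it flags only the 3rd WLC's entry for 10.50.50.10, the same peer named in the debug message; against the corrected tables it reports nothing.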

This may seem rudimentary to more experienced engineers but was a “today I learnt” moment for me. My final result has two foreign controllers servicing two separate groups of clients whilst sharing the same guest service. This saves on unnecessary hardware/software costs whilst maintaining security.

Eventually I’ll end up with this:

3 WLCs Separate Domains
3 WLCs with unique Mobility Domains