This configuration is required on the AireOS(IRCM image) controller after you have
configured this AireOS controller as a peer on the Catalyst 9800 controller.
Including both these controllers as part of the mobility group sets them up as
mobility peers.
Before you start to configure the peers, log in to the Catalyst 9800 controller and
gather the Mobility Group Name and Mobility MAC Address by entering the
show wireless mobility summary exec command.
Device#show wireless mobility summary
Mobility Summary
Wireless Management VLAN: 2601
Wireless Management IP Address: 9.12.32.10
Mobility Control Message DSCP Value: 10
Mobility Keepalive Interval/Count: 5/3
Mobility Group Name: test
Mobility Multicast Ipv4 address: 0.0.0.0
Mobility Multicast Ipv6 address: ::
Mobility MAC Address: 001E.BD0C.5AFF
If you are adding a 9800-CL as a mobility peer, collect the hash value from the 9800
controller
Device#show wireless management trustpoint
Trustpoint Name : ewlc-tp1
Certificate Info : Available
Certificate Type : SSC
Certificate Hash : 99459418731eb69f234058da4ebb10fddc9f939c
Private key Info : Available
FIPS suitability : Not Applicable
With the above information handy, log in to the AireOS(IRCM image) controller and
follow the steps below to setup the tunnel between the peer controllers:
Verify the configuration on the 9800 controller
Device#show wireless mobility summary
Mobility Summary
Wireless Management VLAN: 2601
Wireless Management IP Address: 172.16.0.5
Mobility Control Message DSCP Value: 48
Mobility Keepalive Interval/Count: 10/3
Mobility Group Name: test
Mobility Multicast Ipv4 address: 0.0.0.0
Mobility Multicast Ipv6 address: ::
Mobility MAC Address: 00:59:dc:c3:d0:00
Controllers configured in the Mobility Domain:
IP Public Ip Group Name Multicast IPv4 Multicast IPv6 Status PMTU
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
172.16.0.21 N/A test 0.0.0.0 :: N/A N/A
172.16.0.5 172.16.0.5 test 0.0.0.0 :: Up 1385
Verify the status of the client for L2 roam in case the client roams:
The following example depicts a L2 roam between two AireOS (IRCM image) controllers.
Device >show client summary
Number of Clients................................ 1
Number of PMIPV6 Clients......................... 0
Number of EoGRE Clients.......................... 0
GLAN/
RLAN/
MAC Address AP Name Slot Status WLAN Auth Protocol Port Wired Tunnel Role
----------------- ------------------------------ ---- ------------- ----- ---- ---------------- ---- ----- ------- ----------------
60:38:e0:0b:01:1a APA0B4.3969.ADA6 1 Associated 1 Yes 802.11n(5 GHz) 1 No No Local
Show the details of a particular client:
Device >show client detail 60:38:e0:0b:01:1a
Client MAC Address............................... 60:38:e0:0b:01:1a
Client Username ................................. N/A
Client Webauth Username ......................... N/A
Hostname: .......................................
Device Type: .................................... Unclassified
AP MAC Address................................... c4:b2:39:2a:f5:c0
AP Name.......................................... APA0B4.3969.ADA6
AP radio slot Id................................. 1
Client State..................................... Associated
User Authenticated by ........................... None
Client User Group................................
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Wireless LAN Network Name (SSID)................. IRCM1014_WLAN_OPENAUTH1
Wireless LAN Profile Name........................ IRCM1014_WLAN_OPENAUTH1
WLAN Profile check for roaming................... Disabled
Hotspot (802.11u)................................ Not Supported
Connected For ................................... 14 secs
BSSID............................................ c4:b2:39:2a:f5:cf
Channel.......................................... 100
IP Address....................................... 10.14.115.197
Gateway Address.................................. 10.14.115.1
--More-- or (q)uit
Netmask.......................................... 255.255.255.0
IPv6 Address..................................... fe80::6238:e0ff:fe0b:11a
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Client IPSK-TAG.................................. N/A
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
Avg Uplink data Rate............................. 0
Burst Uplink data Rate........................... 0
Avg Uplink Real time data Rate................... 0
Burst Uplink Real Time data Rate................. 0
802.1P Priority Tag.............................. disabled
Security Group Tag............................... Unknown(0)
KTS CAC Capability............................... No
Qos Map Capability............................... No
WMM Support...................................... Enabled
--More-- or (q)uit
APSD ACs....................................... BK BE VI VO
Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Pre-auth IPv4 ACL Name........................... none
Pre-auth IPv4 ACL Applied Status................. Unavailable
Pre-auth IPv6 ACL Name........................... none
Pre-auth IPv6 ACL Applied Status................. Unavailable
Pre-auth Flex IPv4 ACL Name...................... none
Pre-auth Flex IPv4 ACL Applied Status............ Unavailable
Pre-auth Flex IPv6 ACL Name...................... none
Pre-auth Flex IPv6 ACL Applied Status............ Unavailable
Pre-auth redirect URL............................ none
Audit Session ID................................. 0a0e750a000000796166331d
AAA Role Type.................................... none
Acct Interim Interval............................ 0
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
AAA FlexConnect ACL Applied Status............... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
--More-- or (q)uit
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Post-auth Flex IPv6 ACL Name..................... none
Post-auth Flex IPv6 ACL Applied Status........... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
URL ACL Name..................................... none
URL ACL Applied Status........................... Unavailable
Client Type...................................... SimpleIP
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ vlan0115
VLAN............................................. 115
Quarantine VLAN.................................. 0
Access VLAN...................................... 115
Local Bridging VLAN.............................. 115
Client Capabilities:
--More-- or (q)uit
Radio Capability........................... 802.11n
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Not implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
11v BSS Transition......................... Not implemented
Non-Operable Channels............................ None
Non-Prefer Channels.............................. None
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:
--More-- or (q)uit
Client Dhcp Required: False
Allowed (URL)IP Addresses
-------------------------
AVC Profile Name: ............................... none
OpenDns Profile Name: ........................... none
Fastlane Client: ................................ No
Max DSCP: ....................................... 0
Nas Identifier: ................................. Kukri1
Fabric Statistics
--------------------
Client Statistics:
Number of Bytes Received................... 0
Number of Bytes Sent....................... 0
Total Number of Bytes Sent................. 0
Total Number of Bytes Recv................. 0
Number of Bytes Sent (last 90s)............ 0
Number of Bytes Recv (last 90s)............ 0
Number of Packets Received................. 0
Number of Packets Sent..................... 0
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
--More-- or (q)uit
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 0
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 0
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -30 dBm
Signal to Noise Ratio...................... 65 dB
Client Detected as Inactive................ Yes
Client RBACL Statistics:
Number of RBACL Allowed Packets............ 0
Number of RBACL Denied Packets............. 0
Client Rate Limiting Statistics:
Number of Data Packets Received............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Received.............. 0
Number of Data Rx Bytes Dropped............ 0
--More-- or (q)uit
Number of Realtime Packets Received........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Received.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP00A2.8900.3660(slot 1)
antenna0: 77 secs ago.................... -30 dBm
antenna1: 77 secs ago.................... -30 dBm
APA0B4.3969.ADA6(slot 0)
antenna0: 1772 secs ago.................. -27 dBm
antenna1: 1772 secs ago.................. -27 dBm
APA0B4.3969.ADA6(slot 1)
antenna0: 2 secs ago..................... -26 dBm
antenna1: 2 secs ago..................... -26 dBm
--More-- or (q)uit
DHCP Server IP Address: ....................... 10.14.115.1
Discover-offer time: 1597
Request-ack time: 2134
Verify the status of the client for L3 roam, in case the client roams:
-
from a Catalyst 9800 controller to another Catalyst controller on a different
VLAN
-
from one AireoS controllers (with IRCM image) to another AireOS controller on
different VLANs.
-
from a Catalyst 9800 controller to an AireOS controller or vice versa.
The following example depicts a client roaming from an AireOS controller to a 9800
controller.
Device>show wireless client summary
Number of Clients: 1
MAC Address AP Name Type ID State Protocol Method Role
-------------------------------------------------------------------------------------------------------------------------
6038.e00b.011a AP687D.B45C.1300 WLAN 1 Run 11n(5) None Foreign
Number of Excluded Clients: 0
Show the details of a particular client:
Device>show wireless client mac-address 6038.e00b.011a detail
Client MAC Address : 6038.e00b.011a
Client MAC Type : Universally Administered Address
Client DUID: NA
Client IPv4 Address : 10.14.115.197
Client IPv6 Addresses : fe80::6238:e0ff:fe0b:11a
Client Username: N/A
AP MAC Address : 687d.b45e.e2e0
AP Name: AP687D.B45C.1300
AP slot : 1
Client State : Associated
Policy Profile : default-policy-profile
Flex Profile : N/A
Wireless LAN Id: 1
WLAN Profile Name: IRCM1014_WLAN_OPENAUTH1
Wireless LAN Network Name (SSID): IRCM1014_WLAN_OPENAUTH1
BSSID : 687d.b45e.e2ef
Connected For : 21 seconds
Protocol : 802.11n - 5 GHz
Channel : 149
Client IIF-ID : 0xa0000001
Association Id : 1
Authentication Algorithm : Open System
Idle state timeout : N/A
Session Timeout : 1800 sec (Remaining time: 1710 sec)
Session Warning Time : Timer not running
Input Policy Name : None
Input Policy State : None
Input Policy Source : None
Output Policy Name : None
Output Policy State : None
Output Policy Source : None
WMM Support : Enabled
U-APSD Support : Disabled
Fastlane Support : Disabled
Client Active State : Active
Power Save : OFF
Current Rate : m14
Supported Rates : 6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0
AAA QoS Rate Limit Parameters:
QoS Average Data Rate Upstream : 0 (kbps)
QoS Realtime Average Data Rate Upstream : 0 (kbps)
QoS Burst Data Rate Upstream : 0 (kbps)
QoS Realtime Burst Data Rate Upstream : 0 (kbps)
QoS Average Data Rate Downstream : 0 (kbps)
QoS Realtime Average Data Rate Downstream : 0 (kbps)
QoS Burst Data Rate Downstream : 0 (kbps)
QoS Realtime Burst Data Rate Downstream : 0 (kbps)
Mobility:
Anchor IP Address : 10.14.117.10
Point of Attachment : 0x90000006
Point of Presence : 0xA0000002
AuthC status : False
Move Count : 1
Mobility Role : Foreign
Mobility Roam Type : L3
Mobility Complete Timestamp : 10/12/2021 18:21:18 PDT
Client Join Time:
Join Time Of Client : 10/12/2021 18:21:18 PDT
Client State Servers : None
Client ACLs : None
Policy Manager State: Run
Last Policy Manager State : IP Learn Complete
Client Entry Create Time : 21 seconds
Policy Type : N/A
Encryption Cipher : None
Transition Disable Bitmap : 0x00
User Defined (Private) Network : Disabled
User Defined (Private) Network Drop Unicast : Disabled
Encrypted Traffic Analytics : No
Protected Management Frame - 802.11w : No
EAP Type : Not Applicable
VLAN Override after Webauth : No
VLAN : 116
Multicast VLAN : 0
Anchor VLAN : 115
WiFi Direct Capabilities:
WiFi Direct Capable : No
Central NAT : DISABLED
Session Manager:
Point of Attachment : capwap_90000006
IIF ID : 0x90000006
Authorized : TRUE
Session timeout : 1800
Common Session ID: 0a0e750a000000796166331d
Acct Session ID : 0x00000000
Auth Method Status List
Method : None
Local Policies:
Service Template : wlan_svc_default-policy-profile_local (priority 254)
VLAN : 116
Absolute-Timer : 1800
Server Policies:
Resultant Policies:
VLAN Name : VLAN0116
VLAN : 116
Absolute-Timer : 1800
DNS Snooped IPv4 Addresses : None
DNS Snooped IPv6 Addresses : None
Client Capabilities
CF Pollable : Not implemented
CF Poll Request : Not implemented
Short Preamble : Not implemented
PBCC : Not implemented
Channel Agility : Not implemented
Listen Interval : 0
Fast BSS Transition Details :
Reassociation Timeout : 0
11v BSS Transition : Not implemented
11v DMS Capable : No
QoS Map Capable : No
FlexConnect Data Switching : N/A
FlexConnect Dhcp Status : N/A
FlexConnect Authentication : N/A
Client Statistics:
Number of Bytes Received from Client : 0
Number of Bytes Sent to Client : 0
Number of Packets Received from Client : 0
Number of Packets Sent to Client : 0
Number of Policy Errors : 0
Radio Signal Strength Indicator : -25 dBm
Signal to Noise Ratio : 79 dB
Fabric status : Disabled
Radio Measurement Enabled Capabilities
Capabilities: None
Client Scan Report Time : Timer not running
Client Scan Reports
Assisted Roaming Neighbor List
Nearby AP Statistics:
AP58AC.78DC.F830 (slot 1)
antenna 0: 10 s ago ........ -32 dBm
antenna 1: 10 s ago ........ -32 dBm
AP687D.B45C.1300 (slot 1)
antenna 0: 10 s ago ........ -20 dBm
antenna 1: 10 s ago ........ -20 dBm
EoGRE : No/Simple client
Max Client Protocol Capability: 802.11n
WiFi to Cellular Steering : Not implemented
Cellular Capability : N/A
Advanced Scheduling Requests Details:
Apple Specific Requests(ASR) Capabilities/Statistics:
Regular ASR support: DISABLED