12-10
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 12 Configuring Mobility GroupsWireless Device Access
Configuring Mobility Groups
Note For the Cisco WiSM, both controllers should be configured with the same mobility group
name for seamless routing among 300 access points.
• Controllers within the same mobility group that run different software releases (such as 4.2, 5.0, 5.1,
and 5.2) can use guest tunneling, but they do not support normal client mobility.
Note If you inadvertently configure a controller that is running software release 5.2 with a failover
controller that is running a different software release (such as 4.2, 5.0, or 5.1), the access
point might take a long time to join the failover controller because the access point starts the
discovery process in CAPWAP and then changes to LWAPP discovery.
• All controllers must be configured with the same virtual interface IP address.
Note If necessary, you can change the virtual interface IP address by editing the virtual interface
name on the Controller > Interfaces page. See Chapter 3 for more information on the
controller’s virtual interface.
Note If all the controllers within a mobility group are not using the same virtual interface,
inter-controller roaming may appear to work, but the hand-off does not complete, and the
client loses connectivity for a period of time.
• You must have gathered the MAC address and IP address of every controller that is to be included
in the mobility group. This information is necessary because you will be configuring all controllers
with the MAC address and IP address of all the other mobility group members.
Note You can find the MAC and IP addresses of the other controllers to be included in the mobility
group on the Controller > Mobility Groups page of each controller’s GUI.
• When you configure mobility groups using a third-party firewall, Cisco PIX, or Cisco ASA, you
need to open ports 16666, 12222, and 12223; IP protocols 50 and 97; and UDP port 500.
Note You cannot perform port address translation (PAT) on the firewall. You must configure
one-to-one network address translation (NAT).