To configure the Cisco Catalyst 3850 Series Switch for mobility groups, the Cisco Catalyst 3850 Series Switch needs to be in the Mobility Controller (MC) mode.

Device# configure terminal

Device(config)# wireless mobility controller

To configure the mobility groups on Cisco Catalyst 3850 Series Switch, reset the switch and then configure the mobility groups on the Cisco Catalyst 3850 Series Switch. The following table displays the details that are used to create a sample mobility group for Cisco Catalyst 3850 Series Switch and Cisco 5500 Series Wireless Controller:

Note

To document the Cisco Catalyst 3850 Series Switch MAC address, use the following command: show interface vlan 262 To configure Mobility Controller with the Cisco 5500 Series Wireless Controller information and form a mobility group, use the following command: wireless mobility group member ip 192.0.2.1 group mcast_mob To configure the Cisco Catalyst 3850 Series Switch to be in the Converged Access mobility group, use the following command: wireless mobility group name Converged Access The following is the output that is displayed after you perform the above configurations on Cisco Catalyst 3850 Series Switches: Device# do show run | section wireless qos wireless-default-untrust wireless mobility controller wireless mobility group member ip 192.0.2.1 public-ip 192.168.75.44 group mcast_mob wireless mobility group name Converged Access wireless management interface Vlan262

To create a PSK SSID, the SSID is configured as a foreign SSID and the clients are pushed to Cisco 5500 Series Wireless Controller.

wlan anchor-profile 1 anchor-ssid
no security wpa akm dot1x
security wpa wpa1 ciphers tkip
security wpa akm psk  set-key ascii 0 Testlab1

mobility anchor 192.0.2.1
no shutdown

To form a mobility group between Cisco Catalyst 3850 Series Switches and Cisco 5500 Series Wireless Controller, perform the following steps:

1. To enable New Mobility, navigate to Controller > Mobility Management > Mobility Configuration.

   Note	After you enable New Mobility, the Wireless LAN Controller restarts. Cisco Catalyst 3850 Series Switch and Cisco 5500 Series Wireless Controller can form a mobility group only if New Mobility is enabled.

2. Confirm that Cisco 5500 Series Wireless Controller's Management IP address is listed in the Mobility Controller's public IP address. The WLC is configured to support the new mobility architecture.

   Note	You can also enable the Mobility Oracle. However, this is optional.

3. Add the Cisco Catalyst 3850 Series Switches in the mobility group. The mobility group is configured. However, approximately a minute is taken for the control path to form as compared to the flat mobility group architecture.

   Note	The procedure is similar to configuring any other WLC.

To configure an anchor SSID on Cisco 5500 Series GUI, perform the following tasks:

1. Configure Cisco 5500 Series Wireless Controller with WPA1 TKIP or WPA2 AES PSK SSID that is pointed to the management interface of the WLC.

2. Configure the SSID to be an anchor SSID on the Cisco 5500 Wireless Controller.

To test the connectivity between the client and Cisco Catalyst 3850 Series Switches and Cisco 5500 Series Wireless Controller, perform the following:

• To verify that the client connects to Cisco Catalyst 3850 Series Switch, use the following command:

  Device# show wireless client summary
  show wireless client mac-address <MAC ADDR>  detail
  

  The following output displays the connectivity status of the client on Cisco Catalyst 3850 Series Switch:

  Wireless LAN Id : 1
  Wireless LAN Name: anchor-profile
  Policy Manager State : RUN
  

• To confirm that the client successfully connects to Cisco 5500 Series Wireless Controller, use the following commands:

  Device# show client summary
  show client detail <mac addr> or use the GUI

To configure the Cisco 5500 Series Wireless Controller so that the clients are navigated to Cisco Catalyst 3850 Series Switch, change the mobility anchor settings so that the mobility anchor sends the clients to Cisco Catalyst 3850 Series switch.

The new mobility architecture uses three User Datagram Protocol (UDP) ports to transfer information between WLCs in the mobility group. The three UPDs must be open in both directions for communication to work. The three UDPs to transfer information between WLCs in the mobility group are the following:

To display the status of the mobility group, use the following command:

Device# show wireless mobility summary

The following output displays the summary of the mobility controller:

Mobility Role									        																		: Mobility Controller
Mobility Protocol Port                          : 16666
Mobility Group Name                             : CONVERGEDACCESS
Mobility Oracle IP Address                      : 0.0.0.0
DTLS Mode                                       : Enabled
Mobility Domain ID for 802.11r                  : 0x8ff4
Mobility Keepalive Interval                     : 10
Mobility Keepalive Count                        : 3
Mobility Control Message DSCP Value             : 0
Mobility Domain Member Count                    : 2
 
Link Status is Control Link Status: Data Link Status
 
The following displays the controllers that are configured in the mobility domain:
 
IP               Public IP        Group Name       Multicast IP     Link Status
-------------------------------------------------------------------------------
198.51.100.1      -            CONVERGED ACCESS      0.0.0.0        UP   : UP
203.0.113.1    192.0.2.254        mcast_mob                         UP   : UP