Network Mobility Services Protocol (NMSP) manages communication between the mobility service engine and the wireless controller. When synchronizing your wireless LAN (WLAN) controller with MSE, the MSE uses a key to authenticate your WLC, similar to the way your LAP joins your WLC.
If you look on the WLC under Security > AP policy you will see a lbs-ssc that comes from the MSE:
You can verify the lbs-ssc by logging onto the MSE, at the cmdshell, type show server-auth-info, you should see MAC address and SHA key that should match what is on the WLC.
[root@mse ~]# cmdshell cmd> show server-auth-info invoke command: com.aes.server.cli.CmdGetServerAuthInfo AesLog queue high mark: 50000 AesLog queue low mark: 500
—————- Server Auth Info —————- MAC Address:
SHA1 Key Hash:
SHA2 Key Hash: Certificate Type: SSC
NMSP communication problems can occur when you add your wireless LAN controller to Cisco Prime with snmp read-only. The MSE cannot put that cert on WLC.
You can do two things:
- You can manually put the lbs-ssc on your wlc
- You can turn off authentication on the MSE, from the MSE cmdshell, type config unauthenticated-nmsp true, then restart the msed services
- cmd> config unauthenticated-nmsp true – Enable Un-authenticated NSMP connection.
2016 Cisco Instructor Excellence Award Instructor