Skip to content-main content

News

Techtip: MSE and WLE Communication Problems

Network Mobility Services Protocol (NMSP) manages communication between the mobility service engine and the wireless controller. When synchronizing your wireless LAN (WLAN) controller with MSE, the MSE uses a key to authenticate your WLC, similar to the way your LAP joins your WLC.

 

If you look on the WLC under Security > AP policy you will see a lbs-ssc that comes from the MSE:

TechTip_MSE_WLC_20160310

You can verify the lbs-ssc by logging onto the MSE, at the cmdshell, type show server-auth-info, you should see MAC address and SHA key that should match what is on the WLC.

 

[root@mse ~]# cmdshell cmd> show server-auth-info invoke command: com.aes.server.cli.CmdGetServerAuthInfo AesLog queue high mark: 50000 AesLog queue low mark: 500

—————- Server Auth Info —————- MAC Address:

SHA1 Key Hash:

SHA2 Key Hash: Certificate Type: SSC

 

NMSP communication problems can occur when you add your wireless LAN controller to Cisco Prime with snmp read-only.  The MSE cannot put that cert on WLC.

 

You can do two things:

  1. You can manually put the lbs-ssc on your wlc
  2. You can turn off authentication  on the MSE, from the MSE cmdshell, type config unauthenticated-nmsp true, then restart the msed services
    • cmd> config unauthenticated-nmsp true – Enable Un-authenticated NSMP connection.

 

David Cutright
2016 Cisco Instructor Excellence Award Instructor
GigaWave Technologies