Thanks Stephen.  They share the same subnet, and I can communicate between hosts on the same anchor, but not with a host on the other anchor.  Was trying to figure out if this is by design of the technology, or if there is a setting that changes this.

Thanks,

Jason

If the clients are all on the same subnet, it's weird that they can't communicate, I can ask my clients to test this out.  It might just be a limitation of the technology of using multiple anchors.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

Well... my client was able to join the guest network and get anchored to one of the guest anchors and ping another device on a different anchor.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

Jason, same subnet, different anchors?  how are the anchors communitcating, thorugh a firewall?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

yes, that is accurate.  Different hosts connecting to the same SSID, but go to different anchor controllers that connect to different firewalls.  I can ping everything that connects to the same anchor, but nothing that connects to the other anchor. I am wondering if its just the EoIP tunnels that is blocking that access.

Thanks,

Jason

But the subnet is tied together correct, meaning that the users are put in the exact same layer 2 subnet in the DMZ?

Sent from Cisco Technical Support iPhone App

Correct, but I don't see arp or anyting from any host connected to the other anchor controller.

one last question just for confirmation , you have two WLANs on the forgien WLC with the same SSID , right ?

if yes , then you can replace each anchor WLC with a L2 switch and consider that the clients are directly connected to these switches , if these switches do L2 isolation between the clients , then the WLCs do .

the same SSID is created on the local controller and both anchor controllers.

ok, what i'm trying to say that if there is communication between client A and client B it's would not be through the mobility tunnels between the WLCs , it will be through the switched network .

Correct.  I just wanted to make sure what I was seeing was sane.  I thought it was because of the way EoIP and CAPWAP tunnels work. So broadcasts and such would not cross them, therefore I would only communicate to  hosts that are connected to the same anchor controller via that tunnel.

thanks,

Jason

The anchor WLC is putting the guest in the same switched subnet correct?  if so, it would be the same as if you were connected wired, you should be able to ping any device on that same layer 2 network.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****