They are in the same building, in the same data center but physically separated. Is getting 2 controllers for each network my only option?

Unless you plan on extending the one network... The access points need to join the WLC somehow, so how will you do this effectively without having limitations or opening up the firewall.  Even with two desperate wireless systems, they don't have any communications between the two, so you might also have to deal with channel overlap. This is normal in downtown cities when building tenants all have wireless. Nothing new here. 

-Scott

Trying to figure out a solution where I can use the single controller for both networks. How about if we buy a new switch and have the 2 networks connect to that new switch. Or something like that :/

That would work also, but you really have to look at it closely to make sure it's designed properly for you. Treat it as if wired machines were to connect to one of the networks.  You can use just a layer 2 vlan to connect the two networks and just have one of the layer 3 switches do the routing for that vlan. 

-Scott

hmmm what about if we connect the 2 sites via VPN. Can the AP;s connect to the controller through a VPN ?

Sure that would work, but you need to make sure your requirements meet your design. You need to look at where your wireless users will be placed at along with the latency between the sites. 

-Scott

Hello Scott,

shouldn´t it be possible to attach the WLC to both networks when you configure two Dynamic AP Manager Interfaces, one for each network ??

WLC without LAG

Port 1 Network 1

Port 3 Network 2

Dynamic AP Manager Interface Network Port 1

Dynamic AP Manager Interface Network Port 3

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_011100.html

Greetings

Philip

I think this solution is possible as the 2500 controller has 4 ports. the 2 networks can be connected to the 2 ports and communicate with each other. The 2 networks will have 2 diff vlans.

Hi Talal,

Wont work because the management IP of the controller. The APs will need to talk to the management IP address. If the networks are broken in two, then the management IP can only live on one side of the network.

Cisco is running a special buy 2 1700,2700 or 3700 access points and get a free 2500 controller. Maybe just go that route.

Well in this scenario, the networks are separated by a firewall not phsyically broken. But all traffice from both networks cant communicate with each other unless the ports are open.

How the APs talk to the controller is via CAPWAP. If you have the controller on one side and the FW is blocking the CAPWAP from the APs on the other side they won't connect. You will need to punch holes in the FW to allow 5246 and 5247. But even then, your clients will still dump on the one side of the FW, be dropped on he wired and won't be able to talk back.

No can do with a WLC. 

Look at autonomous or get another WLC.

the switches and controller are after the firewall. The internet is connecting to the firewall and giving certain policies to each network. If the controller is placed after the firewall, the capwap doesnt need to go through the firewall i think. it will go through the switches.

please check the attachment to get an idea.Port X2 of the firewall is network A and port x0 is network B. We can place a controller on network A side and connect the switch from Network B side to the controller.

Here again. An Ap is going to connect to B side, get an IP from bside. Over the wired side network it will need to route to the WLC management address which is on the a side. How do you plan to get that traffic over there? Its going to pass through that FW. 

Unless you plan and putting a router between the two networks or bridge them, but that defeats the purpose of the FW. 

And if you did get this to work by doing something inside. The controller lives on the aside. Your wireless clients will dump right inside the aside network. 

Lots is hassle. Easier just to do 2 controllers.