Re: 9800 Auto-Anchor with local APs and SSID

JWS · ‎01-31-2023

Have a client that has a 9800 auto-anchoring a quest network for several locations. The 9800 Auto-Anchor is at a site where they now want to host an AP and a local SSID. It has been my understanding that the auto-anchor should be used only for an anchor, and not control local APs or host local SSID. An associate told me it's possible to control local APs and host local SSID so long as the SSID isn't the same one that's exported for foreign controllers using it for guest traffic.

Anyone setup an Auto-Anchor with local SSID and supporting local APs?

marce1000 · ‎02-01-2023

>...An associate told me it's possible to control local APs and host local SSID so long as the SSID isn't the same one that's exported for foreign controllers using it for guest traffic.
- I doubt it because foreign WLC will use the anchor's Wireless Management IP and also everything will revert to Central Switching (to the Anchor) , you could attempt it and use WirelessAnalyzer which will quickly point out fatal configuring errors for that use the CLI command : show tech wireless , have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer. Checkout all advisories!

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Scott Fella · ‎02-01-2023

You can have the same SSID as long as the profile name is unique. Basically you have your SSID that is used only for anchor and then you have another SSID profile that is used for local. Of course you will need different tags and policies for the site that requires local SSID.

-Scott
*** Please rate helpful posts ***

craiglebutt · ‎02-01-2024

HI

Just on the back of this one, this helped me out, ith one anchor. We advertise 4 organisations in our hospital, and they in return advertise our SSID around the county in their buildings.

I can get above working just for one organisation, but when clone and change the profile name, I get the ususal

%CLIENT_ORCH_LOG-4-ANCHOR_VAP_SECURITY_MISMATCH: Chassis 1 R0/0: wncd: Export anchor required but local and remote security/profile configuration is not matching for: Wlan-Profile: billybob, Policy-Profile: billybob

But from I can see what it is asking for is correct. I've put them in seperate TAG, same TAG

Is there something I'm missing? cheers

			foreign
9800 wlan profile	9800 wlan ssid	9800 policy profile name	5520 wlan profile name	5520 wlan SSID	works
myssid	myssid	myssid	myssid	myssid	yes
billybob	myssid	billybob	billybob	myssid	no

marce1000 · ‎02-01-2024

- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd76693

M.

m.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

craiglebutt · ‎02-02-2024

hi

So only way going to get this to work, is to get all the organisations to change their naming conventions for their WLAN Profile that points back to our wlcs, so the wlan profile, ssid name and policy are all the same?

cheers

Rich R · ‎02-02-2024

What version of software are you using?
CSCwd76693 is fixed in 17.9.4a which is the current TAC recommended release.

Not clear from your table which row is the local and which row is the anchor?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

craiglebutt · ‎02-02-2024

I'm on 17.9.4a

i'll log a call

cheers

Rich R · ‎02-02-2024

> i'll log a call
That's probably best

But still not clear which ROW (horizontal line) is local and which is foreign.
In other words which SSID profile is the one you're using locally?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

craiglebutt · ‎02-02-2024

There are collum headings, which show at the top
The first row shows the config that works,
The second row shows the row trying to simulate that doesn't work.

pabloayalas · ‎06-06-2024

Scott, what you were saying works. I had to duplicate two components from the existing setup: a wireless policy and a WLAN. For instance, we have a Guest_Network under the company's Wireless profile policy. I duplicated it and renamed it Guest_Wireless_Anchor. In this setup, I enabled the anchor configuration. You need to have nearly identical configurations on both anchor and foreign controllers, with just a few minor adjustments. For example, you can ignore the VLAN on the wireless profile policy in the foreign controller since you're not supposed to have a local IP address assignment. It's working!!! Thanks