Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
302
Views
0
Helpful
4
Replies

AP/switch number of WLAN, mobility anchoring

petercinvest
Level 1
Level 1

‎01-29-2016 01:58 AM - edited ‎07-05-2021 04:33 AM

I have HREAP and two WLC, one for dot1x, the other for guest wifi, so can I set only one SSID for each WLC, how many Wlan I should set for each WLC?

for my dot1x WLC, I connnect WLC to one 3750 switch(core), for guest WLC, should I connect to 2960 (access) switch or same 3750 switch, should AP connect to 3750(core) or 2960(access)?

for mobility anchoring, does it mean every PC connect to guest WLC should go through the tunnel and anchor to dot1X WLC? thanks

Labels:
0 Helpful
4 Replies 4

Javier Contreras
Cisco Employee
Cisco Employee

‎01-29-2016 04:43 AM

moved to correct forum

0 Helpful

Rasika Nayanajith
VIP
VIP

‎02-02-2016 03:20 PM 

so can I set only one SSID for each WLC, how many Wlan I should set for each WLC?

You can create many SSIDs on a single WLC. Remember that given AP can register to a single WLC at a time. So you have to create both SSIDs on the same WLC in order to advertise those from your APs.

Refer below link for configuring WLANs on a Cisco WLC

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01000100.html

for my dot1x WLC, I connnect WLC to one 3750 switch(core), for guest WLC, should I connect to 2960 (access) switch or same 3750 switch, should AP connect to 3750(core) or 2960(access)?

Typically you connect to WLC to a distriution/core switch where you define SVI for end user vlans. This swithport should be configured as TRUNK port in order to carry multiple vlans which you use for multiple SSIDs.

AP normally (if Local mode) connect to access ports in a switch and should be reachable to WLC at IP level (no need to directly connect to same switch where WLC is)

If APs are in FlexConnect/H-REAP mode, usually you connect in port configured as trunk. See below for guide on those deployment.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.html

for mobility anchoring, does it mean every PC connect to guest WLC should go through the tunnel and anchor to dot1X WLC?

Mobility Anchoring is for typically Guest on Wireless (unless you do wired guest access). For that you require two WLCs (one in DMZ and one in office where guest users connect to wireless). This is to isolate guest traffic to DMZ at IP level. 

Refer this for more details on that design.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/WirelessNetwork_GuestAccessService.html

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

petercinvest
Level 1
Level 1
In response to Rasika Nayanajith

‎02-04-2016 06:35 PM

Assuming HREAP, I have one guest user1 and one corporate user user2, both login to AP1, I have two WLC, WLC1 is for corporate, WLC2 is for guest, so I will only view AP1 in WLC1 but not WLC2?

in WLC2, can we see user1?

in WLC2, how many vlan we needed, how to make sure user1 login to WLC2 and get IP 192.168.0.5 (DHCP) and user 2 get IP 10.20.5.*? does anchoring mean user1 anchor to WLC2 and user 2 anchor to WLC1?

0 Helpful

Rasika Nayanajith
VIP
VIP
In response to petercinvest

‎02-04-2016 06:50 PM 

Assuming HREAP, I have one guest user1 and one corporate user user2, both login to AP1, I have two WLC, WLC1 is for corporate, WLC2 is for guest, so I will only view AP1 in WLC1 but not WLC2?

Since AP can register to a single WLC, your AP1 will be register to either WLC1 or WLC2. So all users connect to AP1 can be managed/visible via the WLC that AP register.

in WLC2, can we see user1?

Let's say you use WLC2 as Guest Anchor. WLC1 is your Foreign WLC where AP1 register. As long as you configure "Guest Anchoring" on your Guest SSID, though your guest user connect to AP1, his traffic is tunnel to WLC2. So user get IP given by WLC2 connect switch, though layer2 association is with WLC1.

in WLC2, how many vlan we needed, how to make sure user1 login to WLC2 and get IP 192.168.0.5 (DHCP) and user 2 get IP 10.20.5.*? does anchoring mean user1 anchor to WLC2 and user 2 anchor to WLC1?

Number of vlan is depend on how many SSID you have. Typically each SSID is map to a single vlan. Refer below post to understand what I mean by "Guest Anchoring"

http://mrncciew.com/2013/03/22/auto-anchor-mobility/

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card