We are running all our APs in H-REAP mode connecting to WLC 5508 (7.2.xxx).
Each H-REAP AP has a locally switched SSID, as well as a guest SSID (centrally switched), which is 'tunneled' to the WLC, with Internet-only access through the DC.
All the APs are connecting to the WLC using the management interface, which is also the local mobility group.
To route traffic differently for the guest WLAN, I'd like to create a new interface on the WLC and use this as the local mobility group for the guest WLAN.
Is this possible, or is the management interface always the local mobility group?
Appreciate your feedback.
What do you mean by "local mobility group"? For the mobility configuration you have to use the controller MAC address & management interface IP detail (not any dynamic interface IPs).
Yes, you can create a separate dynamic interface for the guest WLAN, but I do not understand why you want to relate it to the mobility group configuration?
Each of our branch sites has 2 WAN connections: 1 MPLS (critical traffic), 1 IPsec (non-critical).
While the management interface of the WLC is reachable through MPLS, I'd like to route traffic for the guest WLAN over IPsec.
Therefore I would need to create a 2nd interface on the WLC (different IP range) and terminate centrally switched traffic on that interface.
As you've mentioned the local mobility group is always the controller MAC (management int), so not sure if there's another way to solve this?
H-REAP APs register to management int --> routed through MPLS
centrally switched traffic to different int --> routed through IPsec
Now it is clear what you are trying to achieve.
I doubt you can achieve this, since AP-to-WLC traffic is always destined to the WLC management IP address (so it will go via MPLS). Even if you create a separate dynamic interface on your WLC to egress guest traffic, it won't help you to bring branch guest traffic to the WLC via your IPSec.