04-18-2012 02:37 PM - edited 07-03-2021 10:01 PM
I have successfully implemented wireless guest access using a 4402 WLC as the Anchor and a 5508 as Foreign. The Anchor controller also provides DHCP services to guest clients. The 5508 is LAGged and there is no issue with the guest traffic being separated from corporate. At a remote site, there is a 4402 WLC using LAG and also acting as a Foreign controller. But when a client connects to the guest WLAN, it obtains a corporate DHCP address instead of the DHCP address assigned from the Anchor controller. The guest WLAN setting is the same as with the 5508 controller, i.e. DHCP server override is ticked and the management IP address of the Anchor controller is specified. Also, DHCP Addr required is ticked. Could anyone explain why the 4400 controller is not forwarding DHCP requests to the anchor controller and is instead sending them to the corporate DHCP server?
04-26-2012 06:12 AM
It doesn't seem that the client is getting anchored. There is a mobile announce, which will happen when a client joins, and the WLC checks its peers to see if there is already an entry.
What I do see on the Foreign is: DHCP successfully bridged packet to DS.
I don't see any of the other messages that would indicate the WLC is trying to anchor the client at all.
Can you post the output of:
show wlan < wlan ID > - from both the Anchor and the Foreign that are not working?
show mobility summary - from both the Anchor and the Foreign that are not working?
Steve
04-18-2012 04:05 PM
Well it could be a few things. First, is your mobility anchor defined on the SSID on the remote wlc? The APs are in local mode not in h-reap or FlexConnect. Even though you have the dhcp override, if the traffic isn't getting tunneled, you won't get a dhcp from the anchor.
04-18-2012 04:56 PM
For anchoring to work, the WLAN config must match.
If you are anchoring the WLAN to a DMZ WLC, you don't need to set the override parameter, as the DHCP will come from the DMZ WLC by default.
Now if you have that setting on the inside, you must have the same settings on the DMZ as well.
Steve
04-18-2012 11:04 PM
Thanks for your responses. However, I mentioned that APs connected to the 5508 WLC are working as expected. That means the guest WLAN config on the 5508 is the same as the 4400 and DMZ WLC. The guest WLAN is centrally switched.
04-18-2012 11:50 PM
Are you able to eping and mping between them? If you run debug client and debug mobility handoff, you should see messages on the anchor if it's not able to create the tunnel for the user.
Steve
04-19-2012 06:58 AM
The mobility data and control path (eping/mping) is up. I will run a debug later.
04-20-2012 05:59 AM
Looked at the mobility stats on the controller and discovered that there is no Client handoff as Foreign. Compared the config between 5500 and 4400 Foreign WLCs and found no error. My config is as follows:
1. LAG is enabled
2. Guest wlan mapped to management interface
3. Anchor WLC is 4400
4. Both Foreign and Anchor controllers have DHCP server override with the management IP add of the Anchor specified
5. Both Foreign and Anchor controllers management interfaces have no DHCP server IP specified
6. There is no guest vlan interface or subnet.
7. DHCP proxy is only enabled on Anchor controller
8. 5500 WLCs have been supporting guest access properly since 2011
This is really frustrating. I wish Cisco would maintain some consistency.
04-20-2012 06:05 AM
On your foreign wlc, you have the SSID anchored to the 4400 and of course the 4400 guest WLAN is anchored to itself.
Thanks,
Scott Fella
04-20-2012 06:06 AM
I have the same setup using a 4400 (repurposed) as an anchor for a couple of my clients and no issues with 5508s as the foreign.
Thanks,
Scott Fella
04-20-2012 09:47 AM
Scott,
Please read my comments. I never said I had issues with the 5508 as Foreign WLC. My problem is with the Foreign 4402 WLCs. Anyway, I have planned to remove LAG from the Anchor 4400 and create a separate interface for the guest WLAN.
04-20-2012 10:15 AM
Never said it was an issue with the 5508. But if you don't see anything anchored to your anchor WLC, then your 5508 is not anchoring the traffic for that WLAN. There is nothing different per se config-wise between a 4400 and a 5508 running the same code except for the AP manager interface on the 4400. Why not post your show run-config on your 4400 and 5508 which is the issue?
04-20-2012 12:00 PM
My 5508 has no issues handing off to the 4400 Anchor. The problem is a foreign 4400 handing off to the 4400 Anchor despite the config being the same as the 5508.
04-20-2012 02:06 PM
Well, that should be simpler since it's the same hardware; you eliminate hardware compatibility issues. You need to post your config for us to be able to see if it's set up correctly.
Thanks,
Scott Fella
04-21-2012 10:11 AM
You should never map the GUEST interface to management even if it doesn't do DHCP, just bad practice. If the tunnel breaks your guest will get dropped on the side of your network. You should create a dummy interface.
What code revs are all these devices on?
04-21-2012 12:19 PM
My Anchor controller is on a DMZ. The corporate 4400s are not using etherchannel, hence there is a Guest interface that is not mapped to management. I only used LAG when the anchoring was not working between the Anchor 4400 and the Foreign 4400. The Anchor uses etherchannel, hence no separate guest interface. I have decided to create a separate guest interface on the Anchor controller to see if that solves the issue. This I will do on Monday. The 4400s are on 7.0.230.