Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
788
Views
0
Helpful
5
Replies

Foreign WLC and Anchor WLC

abinaya.2.r
Level 1
Level 1

‎06-20-2018 06:07 AM - edited ‎07-05-2021 08:45 AM

Hi,

I have a foreign WLC at America which is of model AIR-CT2504-K9 and the AIR-CAP3602I-A-K9 and AIR-CAP3502I-A-K9 APs registered to it. I also have an anchor WLC at Australia in DMZ zone which is of model AIR-CT5508-K9

.

I will establish an EOIP tunnel between these two WLCs. The Guest users will take a Layer2 PSK authentication on the Foreign WLC and a Layer 3 Web authentication at the Anchor WLC. The Anchor WLC has an internal DHCP configured. My question is

1. When I have an user connected at America, As the traffic will go through the EOIP tunnel, Will I have latency issues as these two WLCs are located in different regions?

2. Do I have an option for the user traffic to take a Layer2 PSK authentication on the foreign WLC and then Layer 3 Web authentication at anchor WLC and once the user will get an IP address from the anchor WLC, can the traffic be routed back to  the local gateway  Internet at America itself? Is that a good solution?

Labels:
0 Helpful
5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

‎06-20-2018 06:15 AM

That is a bad design. Layer 2 auth is always done on the foreign and any layer 3 is done on the anchor along with dhcp. Why not have the web portal on the 2504 and then you can place the “guest” traffic locally. You can even look at FlexConnect local switching as a design and auth users but drop their traffic local at the site.
-Scott
*** Please rate helpful posts ***
0 Helpful

abinaya.2.r
Level 1
Level 1
In response to Scott Fella

‎06-20-2018 10:34 AM

But, I would like to segregate the Guest traffic.

0 Helpful

abinaya.2.r
Level 1
Level 1
In response to abinaya.2.r

‎06-21-2018 04:59 AM

The issue here is I am trying to solve  how we can keep the single WLC (Anchor) to manage the password for Guest users and use the local site gateway to access the internet.

Is it a feasible solution?

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to abinaya.2.r

‎06-21-2018 07:04 AM

There is no possible way to do that. You would need something like ISE to host the portal page and user accounts.
-Scott
*** Please rate helpful posts ***
0 Helpful

abinaya.2.r
Level 1
Level 1
In response to Scott Fella

‎06-22-2018 08:20 AM

ok. On the foreign WLC, can I say the guest users on Layer 3 web auth to redirect the web page to an external server and give the anchor WLC as external server?

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card