Solved: Guest Wireless Anchor Controller w/ Different Mobility Domain / Group

rbauer · ‎10-05-2011

I have 3 remote controllers that I need to anchor to a guest wireless controller in a DMZ.

Each of the 3 remote controllers has it's own unique mobility domain and unique mobility group.

Can these 3 remotes share a common guest anchor (for the guest SSID) even though their mobility domains and mobility groups are all different from each other ?

Do I need to make the mobility domains or the mobility groups the same anywhere for this to work or will anchoring work regardless ?

Also what do I do syntactically in the mobility group static table where each controller's MAC address and mobility group need to be listed ?

In a perfect scenario ALL the controllers would be in the same domain / group but that is not the case here.

Any help would be really appreciated.

George Stefanick · ‎10-05-2011

Rbauer,

Yes, you can do this and I will explain how. This comes in very handy when you have a lot of WLC and you start to exceed the 24 WLC max in a mob group.This way you dont have to include the DMZ controllers into your count. Also, when you do the mob groups like this you can easyily identify the WLC when looking for the Up Up ...

Example -- Internal (foreigh controllers)

Controller#1 - mob_group_1mac: 1111.1111.1111

Controller#2 - mob_group_2 mac: 2222.2222.2222

Controller#3 - mob_group_3 mac: 3333.3333.3333

Your DMZ WLC

Controller#DMZ1 - mob_group_DMZ_A mac: 9999.9999.9999

The config is simple.

On your controllers (internal) 1,2 and 3 ADD the DMZ WLC into the mob group.

IP: x.x.x.x mob group: mob_group_DMZ_A mac: 9999.9999.9999

The config on the DMZ controller add your 3 MOB groups:

IP: x.x.x.x mob grouo: mob_grouo_1 mac: 1111.1111.1111

IP: x.x.x.x mob group: mob_group_2 mac: 2222.2222.2222

IP: x.x.x.x mob group: mob_group_3 mac: 3333.3333.3333

If you do it all right they will be UP UP ...

If you find this helpful please rate the post and mark it as answered ..

Thanks

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎10-05-2011

Ok good luck. it works I have some VERY large installs confgiured this way for the last few years with no issues.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎10-05-2011

There are pertainent settings that do need to be identical.

Exmaple -- Your wlan example (GUESTWIFI) needs to be IDENTICAL in config as your wlan in the GUEST DMZ down to each setting and timer. Except for the dynamic interface.

Your internal controllers GUEST WLAN interface should tie to a dummy non routed interface while your guest DMZ interface should tie to your wired side..

If your settings arent the same you could see odd stuff like wireless clients not joining the guest wlan or getting expired before their timeout.

Make sense?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎10-05-2011

On your internal WLCs you guest WLAN should be tied to dummy interfaces. If you dont, and the anchor tunnel breaks for whatever reason your guest will be driven to the heart of your network

If any of this helps kindly rate the post!

Thanks again!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎10-05-2011

Rbauer,

Yes, you can do this and I will explain how. This comes in very handy when you have a lot of WLC and you start to exceed the 24 WLC max in a mob group.This way you dont have to include the DMZ controllers into your count. Also, when you do the mob groups like this you can easyily identify the WLC when looking for the Up Up ...

Example -- Internal (foreigh controllers)

Controller#1 - mob_group_1mac: 1111.1111.1111

Controller#2 - mob_group_2 mac: 2222.2222.2222

Controller#3 - mob_group_3 mac: 3333.3333.3333

Your DMZ WLC

Controller#DMZ1 - mob_group_DMZ_A mac: 9999.9999.9999

The config is simple.

On your controllers (internal) 1,2 and 3 ADD the DMZ WLC into the mob group.

IP: x.x.x.x mob group: mob_group_DMZ_A mac: 9999.9999.9999

The config on the DMZ controller add your 3 MOB groups:

IP: x.x.x.x mob grouo: mob_grouo_1 mac: 1111.1111.1111

IP: x.x.x.x mob group: mob_group_2 mac: 2222.2222.2222

IP: x.x.x.x mob group: mob_group_3 mac: 3333.3333.3333

If you do it all right they will be UP UP ...

If you find this helpful please rate the post and mark it as answered ..

Thanks

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

rbauer · ‎10-05-2011

Hi George,

Thank you very much for your help. I will try this out and let you know how it goes.

Again,

Thanks.

George Stefanick · ‎10-05-2011

Ok good luck. it works I have some VERY large installs confgiured this way for the last few years with no issues.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

rbauer · ‎10-05-2011

Hi George,

Can you please help with one more related question -- In the head office I have two remote controllers that had to be to be identically configured like each other in order for the mobility to work right and stay up. All of their settings had to be identical. Do all the configuration settings on the dmz controller also have to be identical to the configuration settings on the remote controllers even though there are no APs on the DMZ controller ?

George Stefanick · ‎10-05-2011

There are pertainent settings that do need to be identical.

Exmaple -- Your wlan example (GUESTWIFI) needs to be IDENTICAL in config as your wlan in the GUEST DMZ down to each setting and timer. Except for the dynamic interface.

Your internal controllers GUEST WLAN interface should tie to a dummy non routed interface while your guest DMZ interface should tie to your wired side..

If your settings arent the same you could see odd stuff like wireless clients not joining the guest wlan or getting expired before their timeout.

Make sense?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

rbauer · ‎10-05-2011

This makes perfect sense now. Thanks again.

George Stefanick · ‎10-05-2011

On your internal WLCs you guest WLAN should be tied to dummy interfaces. If you dont, and the anchor tunnel breaks for whatever reason your guest will be driven to the heart of your network

If any of this helps kindly rate the post!

Thanks again!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎10-05-2011

Im glad everything worked out...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________