Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1650
Views
0
Helpful
8
Replies

Guest Wireless Anchor Controller w/ Different Mobility Domain / Group

Go to solution
rbauer
Level 1
Level 1

‎10-05-2011 11:39 AM - edited ‎07-03-2021 08:52 PM

I have 3 remote controllers that I need to anchor to a guest wireless controller in a DMZ. 

Each of the 3 remote controllers has it's own unique mobility domain and unique mobility group.

Can these 3 remotes share a common guest anchor (for the guest SSID) even though their mobility domains and mobility groups are all different from each other ?

Do I need to make the mobility domains or the mobility groups the same anywhere for this to work or will anchoring work regardless ?

Also what do I do syntactically in the mobility group static table where each controller's MAC address and mobility group need to be listed ?

In a perfect scenario ALL the controllers would be in the same domain / group but that is not the case here.

Any help would be really appreciated.

Labels:
0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎10-05-2011 12:21 PM

Rbauer,

Yes, you can do this and I will explain how. This comes in very handy when you have a lot of WLC and you start to exceed the 24 WLC max in a mob group.This way you dont have to include the DMZ controllers into your count. Also, when you do the mob groups like this you can easyily  identify the WLC when looking for the Up Up ...

Example -- Internal (foreigh controllers)

Controller#1 - mob_group_1mac: 1111.1111.1111

Controller#2 - mob_group_2 mac: 2222.2222.2222

Controller#3 - mob_group_3 mac: 3333.3333.3333

Your DMZ WLC

Controller#DMZ1 - mob_group_DMZ_A mac: 9999.9999.9999

The config is simple.

On your controllers (internal) 1,2 and 3 ADD the DMZ WLC into the mob group.

IP: x.x.x.x mob group: mob_group_DMZ_A mac: 9999.9999.9999

The config on the DMZ controller add your 3 MOB groups:

IP: x.x.x.x mob grouo: mob_grouo_1 mac: 1111.1111.1111

IP: x.x.x.x mob group: mob_group_2 mac: 2222.2222.2222

IP: x.x.x.x mob group: mob_group_3 mac: 3333.3333.3333

If you do it all right they will be UP UP ...

If you find this helpful please rate the post and mark it as answered ..

Thanks

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 12:57 PM

Ok good luck. it works I have some VERY large installs confgiured this way for the last few years with no issues.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 03:33 PM

There are pertainent settings that do need to be identical.

Exmaple -- Your wlan example (GUESTWIFI) needs to be IDENTICAL in config as your wlan in the GUEST DMZ down to each setting and timer. Except for the dynamic interface.

Your internal controllers GUEST WLAN interface should tie to a dummy non routed interface while your guest DMZ interface should tie to your wired side..

If your settings arent the same you could see odd stuff like wireless clients not joining the guest wlan or getting expired before their timeout.

Make sense?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 03:47 PM

On your internal WLCs you guest WLAN should be tied to dummy interfaces. If you dont, and the anchor tunnel breaks for whatever reason your guest will be driven to the heart of your network

If any of this helps kindly rate the post!

Thanks again!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful
8 Replies 8

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎10-05-2011 12:21 PM

Rbauer,

Yes, you can do this and I will explain how. This comes in very handy when you have a lot of WLC and you start to exceed the 24 WLC max in a mob group.This way you dont have to include the DMZ controllers into your count. Also, when you do the mob groups like this you can easyily  identify the WLC when looking for the Up Up ...

Example -- Internal (foreigh controllers)

Controller#1 - mob_group_1mac: 1111.1111.1111

Controller#2 - mob_group_2 mac: 2222.2222.2222

Controller#3 - mob_group_3 mac: 3333.3333.3333

Your DMZ WLC

Controller#DMZ1 - mob_group_DMZ_A mac: 9999.9999.9999

The config is simple.

On your controllers (internal) 1,2 and 3 ADD the DMZ WLC into the mob group.

IP: x.x.x.x mob group: mob_group_DMZ_A mac: 9999.9999.9999

The config on the DMZ controller add your 3 MOB groups:

IP: x.x.x.x mob grouo: mob_grouo_1 mac: 1111.1111.1111

IP: x.x.x.x mob group: mob_group_2 mac: 2222.2222.2222

IP: x.x.x.x mob group: mob_group_3 mac: 3333.3333.3333

If you do it all right they will be UP UP ...

If you find this helpful please rate the post and mark it as answered ..

Thanks

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
rbauer
Level 1
Level 1
In response to George Stefanick

‎10-05-2011 12:54 PM

Hi George,

Thank you very much for your help.   I will try this out and let you know how it goes.

Again,

Thanks.

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 12:57 PM

Ok good luck. it works I have some VERY large installs confgiured this way for the last few years with no issues.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
rbauer
Level 1
Level 1
In response to George Stefanick

‎10-05-2011 03:26 PM

Hi George,

Can you please help with one more related question -- In the head office I have  two remote controllers that had to be to be  identically configured like  each other in order for the mobility to work  right and stay up.  All  of their settings had to be identical.  Do all the configuration settings  on the dmz controller also have to be identical to the configuration  settings on the remote controllers even though there are no APs on the  DMZ controller ?  

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 03:33 PM

There are pertainent settings that do need to be identical.

Exmaple -- Your wlan example (GUESTWIFI) needs to be IDENTICAL in config as your wlan in the GUEST DMZ down to each setting and timer. Except for the dynamic interface.

Your internal controllers GUEST WLAN interface should tie to a dummy non routed interface while your guest DMZ interface should tie to your wired side..

If your settings arent the same you could see odd stuff like wireless clients not joining the guest wlan or getting expired before their timeout.

Make sense?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
rbauer
Level 1
Level 1
In response to George Stefanick

‎10-05-2011 03:41 PM

This makes perfect sense now.   Thanks again.

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 03:47 PM

On your internal WLCs you guest WLAN should be tied to dummy interfaces. If you dont, and the anchor tunnel breaks for whatever reason your guest will be driven to the heart of your network

If any of this helps kindly rate the post!

Thanks again!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to rbauer

‎10-05-2011 05:38 PM

Im glad everything worked out...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card