Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1921
Views
5
Helpful
10
Replies

Guest WLC Vlan Select

Colm OLeary
Level 1
Level 1

‎02-24-2013 01:27 PM - edited ‎07-03-2021 11:36 PM

Hi,

I am looking aat desgning a Guest Wireless Network using Dual Anchor and Dual Foreign (Internal) WLC's for Redundancy.

For scalability I want to assign a single Guest SSID to multiple vlan interfaces on the Guest Controller using Interface Groups and Vlan Select.

Is this feature supported with 2 Anchor WLC's. Reading from below it seems that it is not possible if the WLAN is Anchored to 2 Anchor WLC's?

"As part of the VLAN Pooling feature, the “Mobility Announce” message will carry an additional vendor payload containing the list of VLAN interfaces mapped to a WLAN. This helps the anchor controller to decide on Local > Local type of handoff. The introduction of this feature also ensures that the inter release mobility is not affected. In a guest tunneling scenario, clients joining on “export foreign” will receive an IP address from the interface group mapped to the WLAN on the “export anchor” or as per the foreign mappings configured on the “export anchor”. If the clients who have joined over “export foreign” move to the “export anchor” controller, they may lose their IP address, which means mobility is not supported between those two. However, if the clients move between two “export foreign” controllers, they will retain their IP address, which means roaming is supported in that scenario."

Colm

Labels:
0 Helpful
10 Replies 10

Scott Fella
Hall of Fame
Hall of Fame

‎02-24-2013 07:54 PM

Well what you are referencing to is how roaming works. So even if the users roams from an ap on one WLC to an ap on another WLC, you will have seamless roaming.

Now the only way I can see the client move from one guest anchor to another is if they are disconnected from the network and having to login again (WebAuth). I wouldn't worry about roaming between the guest anchors because that should never happen. Roaming can occur on the foreign WLCs though.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎02-24-2013 10:32 PM

Multicast forwarding to anchor is unsupported so using vlan select will not help optimize multicast across multiple vlans.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b78900.shtml

This feature also provides the solution to guest anchor restrictions where now wireless guest user on foreign location can get an IP address from multiple subnets based on their foreign locations/foreign controllers from same Anchor WLC.

I guess what they're meaning is, if mobility tunnel exist between all foreigns and anchors, on wlan1 - if Anchor1 is mapped to IG(vlan5 & 6) and Anchor2 is mapped to vlan10, with this setting if client currently have ip from vlan5 that is connected to Foreign1 roaming to Foreign2 will have to establish a tunnel for this L3 roaming to maintain the ip from vlan5 and will have an issue.

0 Helpful

Colm OLeary
Level 1
Level 1
In response to Saravanan Lakshmanan

‎02-25-2013 03:40 AM

Guys,

Thanks for your inputs.

The specific use case I am conerned about is if I have 2 Anchor WLC's and 1 Internet WLC.

In a standard configuration the Internal WLC would be configured with the 2 Anchor WLC's and would load balance the traffic across each Anchor WLC. This would not effect the client as if it was routed to Anchor WLC A it would be terminate on a single dynamic interface and if it was route to Anchor WLC B it would terminate off a single dynamic interface - Both Dynamic Interfaces would be in the same vlan so there would be no routing issue.

In a vlan select/interface groups configuration the Internal WLC would be configured with  the 2 Anchor WLC's and would load balance the traffic across each Anchor  WLC. When client is routed to Anchor WLC  A it would be terminate on a dynamic interface that is part of the interface groups but if it was  route to Anchor WLC B there is no guarantee that it would terminate off the same dynamic interface on the Interface Groups and be in the same vlan as Anchor A.

This is the specific scnario that I am truing to avoid as I need HA on the Anchor WLC's and I need to be able to scale using Vlan Select.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎02-25-2013 04:41 AM

Like I mentioned, the only way a user would move from one anchor to another is if they dropped, session timer expired and they had to log back in or the idle timer expired. I have this setup at a few clients and for one, guest don't tend to roam around and if they drop... I don't really care.

Now if your planing on doing HA for re anchor, then you don't have these different vlans because you only can configure the primary HA WLC. So when you mention HA, are you talking about redundant anchor WLC, HA pair or N+1 with 7.4.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Colm OLeary
Level 1
Level 1
In response to Scott Fella

‎02-25-2013 06:33 AM

Scott,

The internal WLC is in a HA configuration (5508 + 1)

The Anchor WLC's are not in a HA pair but are regular WLC's (5508 + 5508)

This setup is for mutiple WLAN's (not just Guests) that will be routing to the internet so I need to ensure the service is stable for all users.

I guess it come down to how the Internal WLC load balanced the traffic over 2 EOIP tunnels on a per client basis. If I can guarantee that each client will use EOIP Tunnel 1 to Anchor WLC 1 for the duration of the session then it is only in a reassociation scenario would the possiblity of the EOIP Tunnel 2 to Anchor WLC 2 come into play and the possibilty of being introducted into a new vlan.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Colm OLeary

‎02-25-2013 09:23 AM

So the WLC will not switch the anhor on a client so you shoulod be fine. It will make the initial decision and that client anchor will stay the same.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Colm OLeary
Level 1
Level 1
In response to Colm OLeary

‎02-26-2013 12:29 AM

If I put a seconnd Internal WLC in place and roam from Internal WLC 1 to Internal WLC 2 will I always be tunnel bacl to the original Anchor WLC 1 even if Internal WLC 2 has an EOIP tunnel to Anchor WLC 2?

May have to just test this...

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Colm OLeary

‎02-26-2013 04:56 AM

Yes. This is part of the seamless roaming process intra-roaming, inter-roaming and layer 3 roaming.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Colm OLeary
Level 1
Level 1
In response to Scott Fella

‎03-04-2013 07:55 AM

FYI,

My Cisco SE has come back with a confirmation that this design is suppored.

Thanks Scott.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Colm OLeary

‎03-04-2013 08:40 AM

No problem... good luck!

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card