01-16-2018 03:00 PM - edited 07-05-2021 08:06 AM
Need help with this requirement:
Customer has 2 sites, and each site has its own WLC, with a few SSIDs with respective VLANs (different VLANs on both sites). They want to create a new SSID that broadcasts on both sites, but want the traffic for users that connect to it to go out through WLC1, always; no matter where they connect, they want that traffic to leave through WLC1. How can we do that?
We've read about WLC anchoring, but we're not sure if that could apply here. Because they don't have a dedicated WLC to use in a DMZ, they will have both WLCs working on both sites, with different SSIDs (everything managed locally), and they just need a new SSID with traffic always leaving one controller.
Any ideas would be appreciated.
Thanks!
01-16-2018 04:39 PM
Hi
For anchoring, both WLCs should have the same config, among other requirements.
Without anchoring you can't do it.
If the idea is to filter this SSID traffic, let's say through a firewall or proxy, you use FlexConnect and forward the B site via layer 3.
-If I helped you somehow, please, rate it as useful.-
01-16-2018 05:52 PM
I had a customer want this on three sites. Like Flavio mentioned, anchoring is the feature that is required. The way we achieved this was to anchor the SSID back to the controller which is dedicated for egress. As long as you have connectivity and can set up mobility between the two, you can achieve this also. I would say, make sure that the controller supports anchoring and that your code is identical. This is recommended, but can work but also needs to be tested.
01-17-2018 06:53 AM
Thanks Scott.
If we anchor one SSID, are DHCP and authentication still handled locally, or will users receive an IP address from the anchor WLC's site?
01-19-2018 06:47 PM
When you anchor the SSID, DHCP will happen at the anchor controller side. So your subnet on the anchor side for the SSID should be large enough for both sites.
01-17-2018 06:23 AM
Thanks Flavio.
We're thinking of using FlexConnect, and yes, the customer wants that traffic to be filtered by a proxy that exists only on Site A.
I was thinking about how to forward traffic from site B to A for this VLAN. Maybe a route-map?
01-17-2018 11:57 AM
Yeah, I think using routing could work.
-If I helped you somehow, please, rate it as useful.-
01-19-2018 05:49 PM
Yes, mobility anchoring is the way to go. To do this, the anchor WLC would have the SSID interface set to the local network VLAN (this network is where all traffic will terminate); the other WLC will have the same SSID with its interface set to the management interface. This is important because all anchored traffic will traverse the management interface from WLC to WLC, so make sure there are no ACLs blocking the mobility traffic between them. Then you will need to go to the Controller tab --> Mobility Groups, and create a new mobility group on both controllers that point to each other's management IP with the same group name. After you finish this, you will then navigate to the WLANs tab and hover your mouse next to the blue pull-down box to the right of the listed SSID. You should see the option for "mobility anchors"; click on it. If you are on the WLC where anchor traffic is destined, it should already have an entry for local; if not, select it from the pull-down. On the other controller do the same, except select the other WLC IP interface from the pull-down. That should be it. I have noticed in the past that the mobility anchors will sometimes take a minute to show up, so hit refresh when checking the status.
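The GUI steps in the reply above can also be entered from the AireOS CLI. The following is an added example, not part of the original thread: the WLAN ID, group name, interface name, MAC and IP values in angle brackets are placeholders, and the command syntax should be confirmed against the release running on both controllers.

```text
# Lines starting with "#" are annotations, not commands.
# Placeholders: <WLAN_ID> <GROUP> <USER_VLAN_IF>
#               <WLC1_MGMT_IP> <WLC1_MAC> <WLC2_MGMT_IP> <WLC2_MAC>

# ---- WLC1 (anchor: client traffic terminates and egresses here) ----
# Add WLC2 as a mobility peer under the shared group name
config mobility group member add <WLC2_MAC> <WLC2_MGMT_IP> <GROUP>
# The WLAN must be disabled while its interface and anchor are changed
config wlan disable <WLAN_ID>
# Map the SSID to the local VLAN interface where clients get DHCP
config wlan interface <WLAN_ID> <USER_VLAN_IF>
# Anchor the WLAN to this controller itself (shown as "local" in the GUI)
config wlan mobility anchor add <WLAN_ID> <WLC1_MGMT_IP>
config wlan enable <WLAN_ID>

# ---- WLC2 (foreign: tunnels the SSID to WLC1) ----
config mobility group member add <WLC1_MAC> <WLC1_MGMT_IP> <GROUP>
config wlan disable <WLAN_ID>
# On the foreign side the SSID sits on the management interface
config wlan interface <WLAN_ID> management
# Point the WLAN at the anchor controller's management IP
config wlan mobility anchor add <WLAN_ID> <WLC1_MGMT_IP>
config wlan enable <WLAN_ID>

# ---- Checks (run on both controllers) ----
# Peer should be listed with status Up
show mobility summary
# Anchor entry for the WLAN should show the control and data path as up
show mobility anchor wlan <WLAN_ID>
# Mobility control-path and data-path reachability to the peer;
# a failure here usually means an ACL or firewall between the
# management interfaces is dropping mobility traffic
mping <PEER_MGMT_IP>
eping <PEER_MGMT_IP>
```

Because clients on both sites land in `<USER_VLAN_IF>` on WLC1, any proxy or firewall policy for this SSID only needs to be applied at that one egress point.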