Mobility Anchor load balancing clarification

Hello, I have several branch offices (local) set up on 4400 WLCs serving local wireless LAN access. These controllers have a guest network set up that uses the mobility anchor for a controller set up in a DMZ at a data center.

The guest access works fine.

I am setting up a second controller in the DMZ datacenter to provide resilience.

I understand the local WLC will choose one of the 2 DMZ anchor controllers and will load balance traffic for the guest net - however I have a few questions.

Up until now, the single guest controller was configured to be in a mobility group called "GuestNet".

Should the second controller be configured as part of that mobility group or does it not matter?

(controller - mobility - edit all)

I intended on having anchor controller A use one DMZ subnet, and anchor controller B use a different subnet - does this work?

I.e. do packets get load balanced across the 2 controllers in 2 EoIP tunnels or is it user session based so that one person gets established on controller 1 and stays on it? (therefore IP address assignment between 2 controllers shouldn't matter?)


As an update - my Cisco SE from the account team has told me that both of the anchor controllers should be in the same mobility group.

I am going to try this configuration over the weekend and will report back.

If you plan on having redundancy for the guest anchor then you need them to be on the same mobility group with the same VIP address. Unfortunately load-sharing isn't deterministic, so you can't say site A will use DMZ A or site B will use DMZ B. Also you will need the FW to allow IP 97 and UDP 16666 and 16667 to and from each DMZ WLC so guest users don't reauth when there is inter-controller roaming.

And that's fine - essentially both WLCs are in the same "DMZ" - I'm just using a separate subnet on each so I can manage the DHCP server on both a little easier.
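
The firewall requirement from the anchor-redundancy reply above (IP protocol 97 plus UDP 16666 and 16667, to and from each DMZ WLC) can be checked against a rule set before the second anchor goes live. This is an added example, not part of the original thread; the addresses, the rule format and the function names are constructed for illustration, and it assumes anchor-to-anchor traffic also crosses the firewall because the two anchors sit on separate subnets.

```python
from ipaddress import ip_address, ip_network
from itertools import permutations

# Constructed sample addresses (RFC 5737 documentation ranges), not from the thread.
FOREIGN = ["192.0.2.10"]                     # branch-office WLC
ANCHORS = ["198.51.100.10", "203.0.113.10"]  # two DMZ anchors, one subnet each
# Flows named in the thread: IP protocol 97 (EoIP) and UDP 16666/16667.
MOBILITY = [("97", None), ("udp", 16666), ("udp", 16667)]

def required_flows(foreign, anchors):
    """Directed (proto, src, dst, port) flows to and from every anchor WLC."""
    peers = foreign + anchors
    return {(proto, src, dst, port)
            for src, dst in permutations(peers, 2)
            if src in anchors or dst in anchors
            for proto, port in MOBILITY}

def permits(rule, flow):
    """True if a permit rule (proto, src_net, dst_net, port) covers the flow."""
    r_proto, r_src, r_dst, r_port = rule
    proto, src, dst, port = flow
    return (r_proto == proto
            and ip_address(src) in ip_network(r_src)
            and ip_address(dst) in ip_network(r_dst)
            and (r_port is None or r_port == port))

def audit(rules, foreign, anchors):
    """Return (missing mobility flows, rules that serve no mobility flow)."""
    needed = required_flows(foreign, anchors)
    missing = sorted((f for f in needed
                      if not any(permits(r, f) for r in rules)), key=str)
    unrelated = [r for r in rules if not any(permits(r, f) for f in needed)]
    return missing, unrelated

# Constructed rule set: only the original single anchor was opened, without 16667.
SAMPLE_RULES = [
    ("97", "192.0.2.10/32", "198.51.100.10/32", None),
    ("97", "198.51.100.10/32", "192.0.2.10/32", None),
    ("udp", "192.0.2.10/32", "198.51.100.10/32", 16666),
    ("udp", "198.51.100.10/32", "192.0.2.10/32", 16666),
    ("tcp", "192.0.2.10/32", "198.51.100.10/32", 443),
]

if __name__ == "__main__":
    missing, unrelated = audit(SAMPLE_RULES, FOREIGN, ANCHORS)
    for flow in missing:
        print("MISSING", flow)
    for rule in unrelated:
        print("NOT MOBILITY", rule)
```

Run against the sample rules, it reports every flow involving the second anchor as missing, along with UDP 16667 for the first anchor, and flags the TCP 443 rule as not needed for mobility.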

