Solved: Multiple Anchor Tunnels on one 5508 Controller

Shawn Purdy · ‎01-03-2012

Hello all,

I'm trying to research the tunnel limits on a 5508 controller if you're terminating controllers to two different SSID's. For example. In my DMZ i have a GUEST SSID for contractors and guests and then I have another SSID used by employees so that tablet and mobile phone users can access the interenet. Because we don't trust any of these devices we have that SSID is termiated just as we do our GUEST SSID.

To reduce the number of anchor controllers I deploy, I wanted to start with one 5508 Controller. (then move up to about 3) This controller would have two SSID's, GUEST & MOBILE. On the Foreign controllers when I setup anchor tunneling I will be anchoring to the same controller however to two different SSID's.

Per the 5508 specs it supports 71 tunnels.

So my question to the group is, will the 5508 see this anchoring as one tunnel each? Or does it support 71 Tunnels per SSID?

George Stefanick · ‎01-03-2012

Correct ..

Think of it this way ...

When you add the foreign to the anchor in a mob group and it creates a EoIP connection between the 2 devices. This is the 71 reference. Inside this EoIP you can anchor as many SSIDs you want. It still 1 EoIP tunnel regardless.

This is where the mobility domain comes into play (71).

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

Scott Fella · ‎01-03-2012

This link might help:

Q. How many Ethernet over IP (EoIP) tunnels can be terminated on a guest anchor controller?

A. One guest anchor controller can terminate up to 71 EoIP tunnels from internal WLAN controllers. This capacity is the same across any model of the Cisco Wireless LAN Controller. More than one guest anchor controller can be configured if additional tunnels are required.

EoIP tunnels are counted per WLAN controller, independently of the number of tunneled WLANs or Secure Set Identifiers (SSIDs) in each EoIP.

One EoIP tunnel is configured between the guest anchor controller and each internal controller that supports access points with guest client associations.

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Shawn Purdy · ‎01-03-2012

So based on this it looks like I will need to keep the networks on seperate controllers, if I want to have enough space. I was afraid of that.....

George Stefanick · ‎01-03-2012

Thats a great question. My understanding is the EoIP tunnel created between the foreign and the anchor counts as "1" of the 71. Within that tunnel you can anchor 1 or more SSIDs.

Q. In guest tunneling, how many Ethernet over IP (EoIP) tunnels can be formed between a single anchor WLC to different internal WLCs?

A. A single anchor WLC supports up to 71 EoIP tunnels with one tunnel per internal WLC. These WLCs can be of different mobility groups.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Shawn Purdy · ‎01-03-2012

Bummer, I was hoping to consolidate equipment, but it looks like i'll be opening up the checkbook for more anchors.

George Stefanick · ‎01-03-2012

How big is your deployment ? I have 30 WLCs and anchor to 2 WLCs (for failover purposes). How big of a deployment are you looking at ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Scott Fella · ‎01-03-2012

Wow... You have more than 71 WLC's that need to connect to the guest anchor?

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎01-03-2012

Perhaps you are confusing the SSIDs counts?

Example:

5508 <--- EoIP -----> 5508 = 1 tunnel regarless of how many SSIDs you anchor inside that tunnel ...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Shawn Purdy · ‎01-03-2012

George Stefanick wrote:

Perhaps you are confusing the SSIDs counts?

Example:

5508 <--- EoIP -----> 5508 = 1 tunnel regarless of how many SSIDs you anchor inside that tunnel ...

So if i understand correclty if I have two SSID's on my anchor, if my foreign controller is connected to this anchor one tunnel will support both SSID's?

That sounds more promising and along the lines as to what I wanted to design.

George Stefanick · ‎01-03-2012

Correct ..

Think of it this way ...

When you add the foreign to the anchor in a mob group and it creates a EoIP connection between the 2 devices. This is the 71 reference. Inside this EoIP you can anchor as many SSIDs you want. It still 1 EoIP tunnel regardless.

This is where the mobility domain comes into play (71).

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Shawn Purdy · ‎01-03-2012

Awesome, I've got a spare 5508 that I will test this out with. This is the exact direction I wanted to go but just needed to confirm that I could do such a think.

Thanks guys for you help.

Shawn

George Stefanick · ‎01-03-2012

No worries... Feel free to support the rating system! LOL

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎01-03-2012

btw -- If you do a show mob sum you will see how many members. Each member equals a EoIP tunnel

(WiSM-slot1-1) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Enabled

Symmetric Mobility Tunneling (after reboot) ..... Enabled

Mobility Protocol Port........................... 16666

Default Mobility Domain.......................... George_LAB

Multicast Mode .................................. Disabled

Mobility Domain ID for 802.11r................... 0x519c

Mobility Keepalive Interval...................... 10

Mobility Keepalive Count......................... 3

Mobility Group Members Configured................ 22

Mobility Control Message DSCP Value.............. 0

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Shawn Purdy · ‎01-03-2012

Right now I have two anchors and have a need for a 3rd just for Guest. I have one anchor for my Mobile devices. I'm supporting well over 150 foreign controllers. Needless to say I can't wait to get my hands on a 7500 controller.

Scott Fella · ‎01-03-2012

Yeah that is a lot of WLC's:)

-Scott
*** Please rate helpful posts ***