Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
4
Helpful
5
Replies

Questions about a new Mobility member (5508 with 9800)

Go to solution
Jalmeida
Level 1
Level 1

‎08-14-2024 11:54 AM 

Sirs

Controller in DMZ is new to me, and a question arose.

We have a WLC9800 that closes a tunnel with a 5508 that is in the DMZ. Everything works normally, but now, we plan to configure a new 9800 that will be used as a Backup.

On the current 9800, it has a WMI that closes the Tunnel with the 5508 (WLC DMZ) and guest users connect normally, with the addition of the other 9800, what should I worry about?
I've read some documents, but nothing specific, for example:

I know I have to go to 5508, and configure:
AAA;
Add this AAA to the WLC;
Configure Mobility;
Pair this Mobility on the WLC.

But regarding IP addressing, do I need to do some configuration, or will the requests that will come from the new wlc receive the IP of the 5508 normally?
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to Jalmeida

‎08-14-2024 03:14 PM

Now is way better,

I will stick with the Guest deployment.  As soon as you install the WLC on the site B and stablish the tunnel with 5500 , guest clients from site B will be working on the same way Site A.

 For mobility anchor the DHCP and authentication is handled by the WLC on the DMZ and the WLC on the Corp is used only to collect the guest traffic and send it through the tunnel to the DMZ.

In the event of Site A drops and APs is migrated to the  WLC on site B, nothing changes. The tunnel will be up between 9800 site B and 5500 on DMZ. The 5500 will continue to handle everything for the guest user, now using the tunnel it has with 9800 on side B.

FlavioMiranda_0-1723673573727.png

 

 

View solution in original post

Go to solution
Jalmeida
Level 1
Level 1
In response to Flavio Miranda

‎08-14-2024 03:23 PM

Perfect!
Perfect!
Perfeito!
That was the question I had.
Thanks for the clarity in the saved answer!

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Flavio Miranda
VIP
VIP

‎08-14-2024 02:12 PM

Hi @Jalmeida 

 Your question is not clear to me so I will reply with some questions.

If I undestood correctly,  you have currently a pair of 9800 and 5500 as Foreign and Anchor and this is working fine.  You mentioned that now a new 9800 will be added to the topology.  Will this new WLC be added on the DMZ as backup of the 5500 or on the Corp as backup of the 9800?

If it will be on the corp why not add it as SSO with the current 9800?

Related to your question:

"

But regarding IP addressing, do I need to do some configuration, or will the requests that will come from the new wlc receive the IP of the 5508 normally?

 Neither way the new WLC will receive IP address, you need to create a new tunnel between the new WLC and the 5500 if you want to use them as Foreign and Anchor.  

If you elaborate the question better would be easier to help.

Go to solution
Jalmeida
Level 1
Level 1
In response to Flavio Miranda

‎08-14-2024 02:50 PM - edited ‎08-14-2024 02:51 PM

Hello @Flavio Miranda 

Thank you for your quick response.
I apologize for not being clear in my question.

My current environment is:

1 5508 in the DMZ (Guest)

2 9800 in SSO (site A)

I will configure a new 9800 (site B ), because if the SSO of site A fails, the APs will migrate to site B. Site B has its WMI and its IP addresses, but it needs to communicate with the 5508 to offer connectivity to the guest network.

In addition to the actions I mentioned, I have doubts as to whether it would be just a matter of configuring Radius/Mobility for the WLC of site B to establish connectivity with the portal and release IP for the Guest users (in case of failure of site A).

I will do a test and want to know if that is all it really is

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Jalmeida

‎08-14-2024 03:14 PM

Now is way better,

I will stick with the Guest deployment.  As soon as you install the WLC on the site B and stablish the tunnel with 5500 , guest clients from site B will be working on the same way Site A.

 For mobility anchor the DHCP and authentication is handled by the WLC on the DMZ and the WLC on the Corp is used only to collect the guest traffic and send it through the tunnel to the DMZ.

In the event of Site A drops and APs is migrated to the  WLC on site B, nothing changes. The tunnel will be up between 9800 site B and 5500 on DMZ. The 5500 will continue to handle everything for the guest user, now using the tunnel it has with 9800 on side B.

FlavioMiranda_0-1723673573727.png

 

 

Go to solution
Jalmeida
Level 1
Level 1
In response to Flavio Miranda

‎08-14-2024 03:23 PM

Perfect!
Perfect!
Perfeito!
That was the question I had.
Thanks for the clarity in the saved answer!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Jalmeida

‎08-14-2024 03:33 PM

Sempre as ordens man!

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card