Re: Two Guest Wifi WLANd on a foreign WLC

matthewlmartin323 · ‎12-08-2020

New to questions here. I have a foreign WLC that has guest wifi with the anchor in the DMZ. If I am trying to add a second guest WLAN, is there something specific I need to do?

The original guest uses the mgmt interface (not recommended) and I created a new interface for the second. I assigned the same mobility anchor to each WLAN and local for both on the anchor. The mobility groups are UP and a user can connect, but not receive an IP from DHCP.

The DHCP is from a ASA that is the gateway for both (and many other) WLANs. The VLAN is added for the switches between the Anchor WLC and FW and all configuration in the ASA and switches are identical to all existing guest wireless deployments. All configurations for the WLANs in the foreign WLC are identical to other sites using guest wifi, but this is the first multiple guest scenario.

On the Anchor WLC, the IP for the second guest interface is .2, Gateway is the FW.1 and DHCP is the FW .1.

Under the advanced tab is set to use DHCP required check box.

sorry, new to questions here again.
let me know if a picture would help or something

Scott Fella · ‎12-08-2020

What is the use case to have two SSID’s anchored back? Here are some suggestions in regards to anchoring:
mobility group is up which you said it was
each ssid that is anchored must have a duplicate ssid on the anchor
foreign controller ssid is set to anchor to the anchor controller
anchor controller ssid is set to anchor to itself
SSID that is open, device will authenticate on the anchor. SSID that is using WPA2 for example will authenticate to the foreign
The key is that the ssid is a duplicate and the only difference can be the interface that a mapped to.

-Scott
*** Please rate helpful posts ***

matthewlmartin323 · ‎12-08-2020

My bad, so they’re two different guests not duplicate. One is visitor one is employee owned devices. They want a separate guest even though they share the same resources anyways.

both ssid are created on the foreign and anchor wlc

Scott Fella · ‎12-08-2020

Well it should work as long as you have employee guest ssid and guest ssid configured on both the foreign and anchor.

-Scott
*** Please rate helpful posts ***

matthewlmartin323 · ‎12-08-2020

Alright, I’ll keep looking. I just wanted to make sure there wasn’t anything on the WLC for multiple guest wlans cause I’m still not super at them yet.

Scott Fella · ‎12-08-2020

There isn't... as long as your have mobility and the ssid's are anchored properly, then you should not have any issues. You can also tell if your clients are being anchored by looking at the client on the foreign and anchor. Have you validated that dhcp works in the dmz or are you using the same interface for both?

-Scott
*** Please rate helpful posts ***

Grendizer · ‎12-09-2020

That’s a typical scenario when you have mismatch WLAN/SSID settings/config from the foreign and the anchor WLCs.

You need to make sure that all settings/config for the two WLANs/SSIDs in foreign and anchor WLCs are the same.

In general, these are accepted differences between the two WLANs:

WLAN id, interface, PSK, AAA and obviously WLAN Anchor settings.

Other than that, everything need to be the same. When you fix that, the client will get IP addresses.

Two Guest Wifi WLANd on a foreign WLC

problem Wifi guest with cisco ise wlc message: Redirect ACL failure

WLC 9800 Guest SSID not redirecting to Guest Portal in Clearpass

Enterprise and Guest SSID on Foreign WLC

Isolating Guest Wifi Traffic

Cisco 9800 Web Auth Guest WIFI Certificate