02-01-2013 01:46 AM - edited 07-03-2021 11:27 PM
Hi,
We are trying to set up a segregated DMZ wireless network.
I've attached a simple topology to illustrate. So we have a foreign controller and an anchor controller. Firewall ports UDP 16666, 16667 and IP 97 have been enabled and the EoIP tunnel itself is up.
The client is also able to connect to the TEST SSID and obtain an IP address from the DHCP server. But the client can't reach the gateway or any other network. The client's gateway is the firewall where the Anchor is connected.
Does anyone have experience setting up EoIP tunnels and DMZ wireless? What could be the issue?
I've been reading the Cisco guide and searching all over the internet without any success.
Any help will be appreciated.
Regards,
Delgee
02-01-2013 05:20 AM
Doesn't look like your tunnel is working. If you didn't open up DHCP from the DMZ to the DHCP server and back, the clients should not be able to get a DHCP address. Look to make sure the mobility is up between the foreign and the anchor. Also you should see the client on both the foreign and the anchor. The WLAN SSIDs also need to be exactly the same with the exception of the interface, and you need to anchor the foreign SSID to the anchor WLC and the anchor WLC SSID to itself.
Review this doc as it explains what needs to be done on both WLCs:
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html
02-01-2013 06:23 AM
The tunnel is up, I've enabled DHCP traffic between the DMZ subnet and the DHCP server on the firewalls that sit between them. The client is able to obtain an IP address from the DHCP server and connect to the wireless network.
Also the client is shown on both the foreign and anchor controllers. The mobility says up, both data and control path.
I'm just wondering how the traffic actually terminates after reaching the anchor WLC through the EoIP tunnel. My understanding is that it is supposed to terminate directly to the interface specified under the WLAN but I'm sure.
02-01-2013 06:30 AM
Yes, it terminates in your interface in the DMZ. Is your DHCP handing out addresses with internal DNS servers or external? The easiest way to test is to connect your laptop to the same VLAN the guest wireless users are connecting on the DMZ switch. See if you have Internet or not. This eliminates the wireless side.
02-03-2013 08:57 PM
Thanks, I'll test that and see how it goes.
I'm thinking of doing some packet capture on the wireless client, any advice you can provide?
Regards,
Delgee
02-06-2013 03:30 AM
The problem has been fixed.
May be useful to people who have the same issue - the configuration and setup was perfectly fine and only the client couldn't access the network. The problem was with the Anchor WLC. Rebooting the anchor WLC fixed the problem.
It seems after mobility anchor settings are configured, the WLC (only anchor, not foreign) needs to be rebooted.
Delgee
02-06-2013 05:02 AM
Thanks for the follow-up... this will help others who have run into the same issue as you.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"