I actually tried doing this and it didn't work.  Anything else special that needs to be set up?  for instance like certain data rates?

Thanks

I'm confused as to what to put for the egress interface? Would this be my management interface?

Yea, no worries. I think we all get confused on that one as well. The egress is the traffic coming back from the anchor and the interface you want to dump that traffic on.

Example -- I have my egress pointing to an existing wireless interface (production data). This means wired clients will live and get a dhcp from my wirless production data on my foreign WLC.

Make sense?

I'm still a little confused.  So would I need to create this "production data" wireless interface on my office extend controller? The reason I ask is because that would mean that I would need to trunk the VLAN on which this "production data" wireless interface sits on to my DMZ switch.  On my office extend controller I only have one connection plugging into my DMZ network.

No worries..

On your ANCHOR DMZ controller you do not create a WIRED side interface for your WIRED connection. You only create a WLAN intreface for your WIRED side connection.

Then you anchor that WLAN WIRED side back to your foreign WLC.

Think of it like this. It anchor guestm but reverse.

So the officeextends client attaches to the DMZ anchor in this example. (no wired side needed). Once the packet comes in. The DMZ anchor WLC says "hey Im anchored to this foreign controller". The DMZ then sends the client to the foreign (inside) controller. This is where you can either create a new WIRED side VLAN or use an existing WIRED side wireless vlan interface on the egress.

There seems to be a lot of questions around this process. I plan to do a step by step in the next week.

This is making more sense now.  So on the foreign controller, do I need to create the same Remote LAN with the same profile name as the DMZ controller, or would I need to create a WLAN on the foreign controller?

Cool, Im glad. Its a refresher for me too! I've had this set up for a few months now and haven't touched it ...

I think a pic is worth a thousand words. I will explain and provide pics to help..

Foreign Controller -

WLAN TAB - Create a new WLAN (GUEST LAN). Call it OE-WIRED. Then ANCHOR this WLAN to itself <~ Very Importnat

Anchor Controller - Create a new WLAM (Remote LAN). Call it OE-WIRED. Then anchor this WLAN to the foreign controller <~Very important.

Image below is Anchor DMZ WLC

Image below is foreign WLC (inside)

Make more sense now?

That's a big help but I'm still unable to pick up an IP address on my laptop or IP phone. 

Here is the message I'm seeing on my DMZ controller:

*apfMsConnTask_1: Aug 30 15:48:20.201: %APF-1-CONFLICT_IN_ASS_REQ: apf_80211.c:4376 Conflicting Supported Rates in Association Request from70:5a:b6:af:64:91

-Traceback:  10949a28 1094ec10 10779f38 116852e0 116eac4c

To keep things simple.

Do you have a 1 to 1 anchor with a foreign - anchor controller? Or do you have mutliple anchors from teh DMZ to foreign controller(s)?

On your foreign controller. You created a GUEST LAN. What is your ingress and egress confgiured as? On your ingress pick NONE.

BTW -- Are you testing WIRELESS or WIRED ... right now?

I have a a 1 to 1 anchor to foreign controller.  On my foreign controller I have ingress to none and egress: production

I'm testing wired right now, that's the message I'm getting:

*apfMsConnTask_1: Aug 30 15:48:20.201: %APF-1-CONFLICT_IN_ASS_REQ:  apf_80211.c:4376 Conflicting Supported Rates in Association Request  from70:5a:b6:af:64:91

-Traceback:  10949a28 1094ec10 10779f38 116852e0 116eac4c

Lets confirm a few items first:

ANCHOR DMZ WLC...

You have a a WLAN called OE-WIRED (Exmaple).

It is confired for REMOTE LAN

Security Policy is None

It is anchored to the inside foreign WLC ONLY. And not to ltself ..

EGRESS is set with managment interface

FOREIGN WLC

You have a WLAN called OE-WIRED (Exmaple)

It is confgiured as a GUEST LAN

Security Policy is NONE

It is anchored to ITSELF and NOTHING else

Ingress is none

Egress is set to an exsiting WIRED side interface (tested and known working) correct ?

Also your profile name is the same, correct ? Not sure if it has to be.. but for our sake lets make sure they are ..