George,

In my opinion, whether the guest wlan on the Anchor controller is mapped to the management interface or not doesn't matter as it is behind the FW and there is no external DHCP server. When the I first configured the 5508 to relay guest traffic, it worked. But because of increasing demand for guest access in some sites with 4400s, I had to integrate the 4400. The config on the 4400 Foreign controllers were made similar to the 5508:

1. Created guest wlan and dhcp server override with IP address of the anchor

2. Created mobility group

From the debug, the Foreign 4400 actually contacted the Anchor, but there was no handoff. That is why I earlier said that the only change I intend to make is to create a guest interface on the Anchor and see if it solves the problem. But it is strange that the 5508 could hand off to the 4400 Anchor but the 4400 Foreign can't.

I agree, i was thinking intrenal, my bad. But if you map it on the mangement interface your guest clients are sitting on and can access the mangament . But regardless, they can anyway becuase its connected route in the wlc.. but anyway

What is your code revs on all these controllers?

The 4400s are on code 7.0.230. The 5500s are on 7.2.

Normally when anchoring cisco recommends staying on the same 7.x code. But I understand, 4400 cant support 7.2.

I know I've had anchoring issues when my anchors were on 5.x and my foreign controllers were on 6.x

4400s can't do 7.2. The highest code for 4400 is 7.0.230. 7.2.130 is meant for 5500s

I understand.

But perhaps, since you are anchoring between 2 diferent major releases could be your issue. I have deployed more guest networks then I can count. And it sounds like your config it ok.

I know on a few TAC calls the engineer referenced to insure both anchor and foreign were at least on the same main rev and not to mix.

7.0.98.0 <--> 7.0.116.0 OK

6.0.115.0 <--> 7.0.116.0 not ok

George, different major releases are fine:

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml#Q-Aug08

With that said I haven't tested 7.2 foreign to 7.0 anchor. Should work though, might have to fire up the lab and see what happens.

Well he mentioned he didn't have any issue with the 5500's anchoring to the 4400 in the DMZ. His issue is a foreign 4400 anchored to the 4400 DMZ wlc. So it looks like you can have an anchor from 7.2 to 7.0 with no issues.

Thanks,

Scott Fella

Sent from my iPhone

Have you been able to gather the debugs I talked about earlier? If so, can you post them?

Steve

Sent from Cisco Technical Support iPhone App

Unfortunately, I've been busy with some project planning stuff and I'll embark on a short trip tomorrow. I'll post the debugs on Thursday.

Please see attached debugs;

1. DEBUG-MGT-Interface -- is a debug when guest wlan is mapped to management interface.

2. DEBUG-Guest-Interface --- is a debug when guest wlan is mapped to a separate guest interface.

The results are the same in both instances.

10.20.x.x is the Anchor controller

17x.5x.1.x is the management interface of the 4400 Foreign controller

17x.x9.2.x is the guest interface created on the 4400 Foreign controller

these both were run on the Anchor?

what I would like to see is the debug mobility handoff enable run on both the internal and the DMZ WLC.  If you want to run debug cleint < client mac address > enable on the anchor that is fine as well.

when running these debugs, have the setup as you would normally.

Steve

Stephen,

They were both run on the Foreign. Forgot to upload that from the Anchor. Occured to me that I didn't upload that from the Anchor. Will do so in the morning.

See attached the debug for the Anchor controller and debug client mac on the foreign controller. On the Anchor, I noticed a message: Vlan List payload not found, ignoring. This to my knowledge means a bug issue in the Data path. However, note that my Control and Data paths are up and there is nothing preventing communication between both controllers across the FW.