I have 2 WLc 4402. 1 Remote and 1 DMZ. I have read the deployment guide for guest access 20 times and still cannot get it to work. a couple answers that I don't see in the guide. 1. Do AP's need to be associated with the DMZ WLC? 2. Am I anchoring my management IP or a different Dynamic IP? I have verified with Eping and mping that the tunnels should be able to be created, how do I verify? An issue that concerns me is that I cannot ping (ICMP) my remote WLC mgmt interface from the DMZ WLC. I know I have connectivity because of eping, mping and https mgmt from the same subnet as the DMZ WLC MGMT Interface. should I be concerned about this? It could just be ICMP blocked at the FW.
I am trying no to open a support ticket as I am sure this is a simple issue. One of my problems is that my VLANs cannot be tagged because the DMZ VLAN does not reside on our core switches and hence I cannot do 802.1Q which is discussed on page 4 of the dep. guide. to get around this I configured IF/2 on my Remote WLC to an IP from my DMZ subnet? Is this ok, is it needed?
Summary Internal IF 188.8.131.52 for both WLC
MGMT = 10.160.24.30 IF/1
AP-MGMT = 10.160.24.31
Service = 192.168.0.10
guest = 10.160.80.16 IF/2
MGMT = 10.160.80.15
ap-mgmt = 10.160.24.33 (don't need?)
service = 192.168.0.10
internet = public IP to be natd by FW
I am a newbie to the Cisco WIFI world, but not to IT/networking.
I had the same issue about guest DMZ controller , do I need to config same SSID on both of anchor and foreign controller ? I also need to use web-auth for wireless guest , which controller's SSID need to be configured web-auth ? By the way , I found a example on CCO , but only for "wired" ,