Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Guest design consideration regarding slow responses from the guest clients

I have a guest anchor configuration with the following specifications. I have one 5508 DMZ controller located in a centrally located data center in once state with a connection to our ISP for internet connectivity. It sits in a DMZ with rules restricting internal and external access.  In two other states (ping responses 15ms and 22ms respectively) I have about 25 5508 controllers and 25 4400 controllers anchoring back to the centralized controller. The links between the sites are varied but mostly 1g to 10g connections between the states and facilities. Of course some have many more hops back to the DMZ. Some closer to the DMZ are of course faster ping responses.

My question is has anybody else had an issue with the Cisco guest solution where they anchored in a DMZ from one state and anchored remote controllers from another state? I have what I believe is a healthy amount of bandwidth available to our guests but over the last year I have been getting more and more problems with slowness and just overall crappy performance. I know every day more and more wifi devices are walking thru the doors and that’s part of the problem but my logs are not showing my internet connection is too terribly much higher than it was since a year ago. Is anchoring from state to state a good idea? Does anybody else do this?

Does anybody else share guest traffic with business traffic on the same link or are you using a dedicated link for guest traffic?

I know this might be pretty vague and you might have a bunch of more questions like are all the ports on the controllers populated with Gig SFPs. The DMZ is for sure and about 80% are but we have a few that are not. Only about 4G is the least we install.

Or do all of the sites experience the same issue? Yes to that one too but not all of the time. It does seem to come in a spurt and does follow the normal high trend of middle of the day lunch time hours.

The SSIDs are all the same SSID and we have over 6000 users on any given day. Also DHCP is being run from the DMZ controller.

Thanks for listening as I was just curious to know if anybody else anchored multiple states with multiple controller back to a third state on a single controller.

Hall of Fame Super Silver

Re: Guest design consideration regarding slow responses from the

I have a few clients that anchor guest traffic from their remote site all over the USA back to one of their DC. I haven't heard any complaints or concerns from them. The links vary in bandwidth. The only thing is different than what you have is that they are not using the anchor WLC as a dhcp. I have had many issues in the past using the WLC in large environments that I don't recommend it. Many of my customer also have redundant guest anchors but only a few would have a dedicated internet for guest. The others share the same internet pipe.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***
Community Member

Re: Guest design consideration regarding slow responses from the

Thank you Scott.  Yes we have discussed a bit of a redesign on guest services and DHCP is on the list.  So your clients share the same Internet pipe so I assume they share the same firewall as well?   Just curious as this was something else we discussed in the redesign.


Cisco Employee

Guest design consideration regarding slow responses from the gue

enable tcp mss on foreign WLCs for guest anchor setup to improve performance. if required, keep decreasing the value until optimal performance is reached.

Community Member

Guest design consideration regarding slow responses from the gue

Thanks for the direction Saravanan.  I've looked around at the setting via the GUI and the command line. Is this setting specific to the APs connected and the foreign WLC side (that's my guess) or does it have to do with the foreign controller's EOIP tunnel back to the Anchor WLC? 

I'll make the assumption that the GUI setting will just apply this setting to all the of APs connected whereas if I use the CLI I can set this to just a specific LWAP. 

Community Member

Guest design consideration regarding slow responses from the gue

CreatePlease to create content