But the problem is it still does not work. What I don't get is that the interface for the Guest SSID for the foreign controller is management. Does this mean that I have to get an IP address first from the management segment before I can get an IP from the anchor WLC?
My setup is that I have an anchor controller which is on a different LAN from where my foreign WLC is. The anchor WLC has the DHCP scope and the local net user database. I have already joined the two WLCs to each other's mobility group. Also, I have configured the mobility anchor on the WLAN (SSID) of the foreign controller.
Another thing is that the AP I'm trying to use is on a different site from where my controller is. I'm not sure if this is the one causing the problem.
The interface for the foreign WLC should be set to management. You are tunneling traffic using the management IP. As long as the foreign WLC guest SSID is anchored to the anchor WLC and the anchor WLC SSID is anchored to itself, you should be fine. It is important, though, that the SSIDs match identically except for the interface.
As long as the AP has joined the foreign WLC, it doesn't really matter that it is in a different building. You can have that AP in local or H-REAP mode. A guest user who associates to that AP will get their IP from the guest anchor controller, since the foreign WLC has an anchor built to the anchor WLC.
To piggyback on Scott: on the inside WLC, by telling the WLAN to use the management interface and anchoring to the DMZ, what you are telling the WLC to do is use the mobility tunnel as the logical interface for it to place the traffic, not the physical interface.
It's rare that I have a difference in opinion from both of you guys, but let me share with you an issue I had.
If you map the foreign controller to the management interface and the tunnel breaks for whatever reason, the clients will get dumped on the management interface, even though the WLAN is anchored to the DMZ controller.
I know this because I have seen this for myself when I had anchor issues.
I opened a TAC case and it was suggested to use a "dummy interface" on the foreign controller. I forget who I spoke to; this was over a year ago now. But I then followed up with a Cisco SE on the Advance Wireless team and he commented this is what they do as well. And to add further, a large hospital system here in the Tex Med center had the Cisco advance team install their controllers, and they too had dummy interfaces for the foreign controllers for guest.
Just my 2 cents ... Add a dummy interface called dummy_guest_interface and tie it to 184.108.40.206 or something like ... no need to add anything on the wired.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
George is spot on with his comment. On the inside foreign controller it is wise to use a dummy non-routed network in case the tunnel breaks. If the tunnel goes down and DHCP required is not checked, someone could by happenstance guess your static range for the management network and drop themselves on your internal network using open credentials. I always create a non-routed network that I put as the interface on the foreign controller.