Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Anchor mobility between WLC 5508 and Aruba/Clearpass

Hello. I have a question regarding the abiltiy to configure anchor mobility between a 5508 WLC and an Aruba controller. To date, my understanding is it has never been possible and I have never found any documentation that says it can be done.

Scenario: My organization and a partner organization co-own a hospital. We coexist on a large campus, with each org having a number of buildings that the owning org maintains the network presence in. We also maintain back-to-back firewalls between us and do not hand-off any direct layer 2 interfaces to each other. However, the two orgs do partner to provide each others business SSID's in each other's WiFi networks using anchor mobility. Our current solution utilizes an A/M tunnel between my org's 5508 controllers and the partner orgs 2504 controller and we explicitly permit the tunnel traffic between partner controllers for A/M to work. Last year, the partner org retired some old WiSM's and changed their wireless solution to Aruba and recently implemented Clearpass. In order to maintain A/M with us they left a 4404 operational, but due to the newer code we were running they were forced to purchase a 2504. So now they are only maintaining a limited footprint in their network with a few Cisco AP's and the rest of their coverage areas use Aruba AP's and they have indicated that they want to completely retire their Cisco WLC's. Because we host some of their SSID's on our controllers and can tunnel them to their 2504, they get all of their WiFi traffic coming from our network, however my org can only connect to our SSIDs on their campus in certain areas.

The solution I have been asked to provide is to find a way to continue providing some sort of anchor mobility services between our WLC's and their Aruba controllers. My org maintains that we do not want to simply hand them a layer 2 interface for security reasons, but they want our SSIDs to be available in all areas of the partner org's campus and vice versa. So far I have stalled the partner org's plans to retire their WLC's by telling them that retiring their WLC's will completely break WiFi between orgs, but they are adamant that some sort of A/M solution must be found.

Is there any way to do some sort of A/M between a WLC and Aruba controller and if so, is there any documentation showing configuration examples etc?

Thanks,

John

4 REPLIES
VIP Purple

Re: Anchor mobility between WLC 5508 and Aruba/Clearpass

Hi John,

I do not think it will work. Even if it get working somehow, it will be operation nightmare to troubleshoot & fix a issue since both vendor will say it is NOT supported solution.

What about if you ask them to advertise your SSID (assuming it is dot1x) on their APs as another SSID on their network, but pointing it to your RADIUS & DHCP for IP connectivity (you do not have layer 2 requiremnt for this & can do this as long as you have L3 communication between each other)

HTH

Rasika

**** Pls rate all useful responses ****

Hall of Fame Super Silver

Re: Anchor mobility between WLC 5508 and Aruba/Clearpass

Just to add. I have both in my lab and there is now way these two companies will ever work together to be able to have mobility between them:)

Your best bet is to treat them as separate wireless systems which they are right now. Like with Cisco, you have the ability to anchor traffic. Aruba does also, but you need to buy a Mobility Controller to anchor an SSID.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Cisco Employee

Anchor mobility between WLC 5508 and Aruba/Clearpass

#Cisco will never try to support Aruba as Anchor/Foreign or Aruba either, it will kill their product line to the direct competitor. Same for APs as well, though it is all capwap standard for AP to WLC and WLC to WLC communication, IT WILL NEVER HAPPEN.

Forget about the BU working together. For Aruba's clearpass/Airewave interoperability with Cisco WLC, Cisco never be able to get Aruba TAC work with Cisco TAC.

Hall of Fame Super Silver

Re: Anchor mobility between WLC 5508 and Aruba/Clearpass

Haha.... I know it will never happen:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
859
Views
15
Helpful
4
Replies