View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Wireless » WL0033 - WLC Mobility Anchor (Part 1)

WL0033 - WLC Mobility Anchor (Part 1)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Wireless
Video Download: 
Title: WL0033 - Video Download $17.00
Purchase WL0033 - Video Download $17.00
The video demonstrates the concept of Mobility Anchor for guest users on Cisco Wireless LAN Controller. We will extend our knowledge of mobility tunnel, foreign and anchor controllers, from the last video to securely segregate guest traffic into DMZ. The second half of the video shows you how to configure Cisco ISE to operate with the anchor WLC in the DMZ to provide guest login portal without allowing guest traffic into internal network.
 
Part 1 of this video covers configuration and testing of guest anchor controller
 
Topic:
  • Guest Anchor Controller
  • Foreign Controller
  • Mobility Domain, Tunnel, Member
  • Sponsored, Hotspot, Wired Guest
  • Identity Services Engine (ISE)
  • Guest DMZ
Tag: 
wireless
wlc
anchor
foreign
mobility
guest
dmz
asa
vrf
ISE

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

4 comments

Submitted by technerdvoicewi... on Mon, 05/01/2017 - 14:49

Hello! GREAT VIDEO!!! Question for you couldn't you have had the guest anchor do the DHCP for you? Instead of the your local switch on a vrf? Also, what firewall ports did you open just port 97 and 16666?

Submitted by admin on Tue, 05/02/2017 - 22:32

Yes, you could have anchor controller be DHCP server. Main and Anchor WLC communicate through mobility tunnel on standard CAPWAP port UDP/5246-5247

Submitted by walkerk on Sun, 04/14/2019 - 17:41

First time seeing your videos or this site.... do you have the documentation for how your DMZ fw & switch are setup? Also enjoyed how you went through the video discussing best practices etc... My curiosity is with what you did with setting up VRF's and routing the guest wireless traffic through it. Thanks, would like to see more to have a better grasp of the unseen moving components that you have in your lab scenario.

Thank you,

Karl

Submitted by amodd4labminutes on Tue, 06/04/2019 - 15:12

Hello Metha,

Do I need a second mobility anchor to my only anchor controller from the only foreign controller if I have them both connected on a completely separate interface than the management for another use-case? If yes when tried my mobility tunnel didn't come up on both for some reason. Both the controllers are reachable on the second interface.
And if the second mobility anchor is not required (my management IP mobility anchor is up) my anchor is unable to handover any ip to my clients its not even seeing any dhcp requests. (client state is being moved to idle from idle)
For simplicity, I have removed my ISE out of the way for now and having wpa2 security.

Your inputs are highly appreciated.