EOIP Tunnel

Hi, all
This is my first post to this community. I'm planning to set up a Guest Network using WLC, but we have only a single controller. I searched the community and read some posts about placing a WLC in a DMZ and establishing an EOIP tunnel to the anchor controller. I was wondering if I could establish a tunnel between the anchor controller and another piece of equipment (a router, or a switch) that supports EOIP in the DMZ, instead of using a second controller. Is this possible?

No, and the reason for this is because the WLCs share information between the foreign (internal controller) and the anchor controller (DMZ controller).
In addition, you need to make sure your DMZ is a 4400 or 5508. 2xxx models do not support anchoring.

Similar Messages

  • Not able to form EoIP tunnel with anchor WLC

    Hi all,
    I have a WLC at a remote site that is supposed to form an EoIP tunnel with 2 anchor WLCs located at a data center. From the site WLC and the anchor WLCs, the mobility shows UP on both ends. Also I can ping to the mobility peers from each end. However, when I look into the client details on the remote site WLC, there is no Mobility Anchor IP address, which tells me that the EoIP tunnel between the site and anchor controller is not forming for some reason. Any idea what I could be missing?
    (WOHW-WC01) >show client detail 0c:3e:9f:ab:db:ed
    Client MAC Address............................... 0c:3e:9f:ab:db:ed
    Client Username ................................. N/A
    AP MAC Address................................... 0c:68:03:b9:44:70
    AP Name.......................................... WOHW-LAP016
    Client State..................................... Associated
    Client NAC OOB State............................. Access
    Wireless LAN Id.................................. 66
    Hotspot (802.11u)................................ Not Supported
    BSSID............................................ 0c:68:03:b9:44:72
    Connected For ................................... 1469 secs
    Channel.......................................... 6
    IP Address....................................... Unknown
    Gateway Address.................................. Unknown
    Netmask.......................................... Unknown
    IPv6 Address..................................... fe80::1c1a:e07c:dd48:bc7e
    Association Id................................... 3
    Authentication Algorithm......................... Open System
    Reason Code...................................... 1
    Status Code...................................... 0
    Session Timeout.................................. 0
    Client CCX version............................... No CCX support
    QoS Level........................................ Bronze
    802.1P Priority Tag.............................. disabled
    CTS Security Group Tag........................... Not Applicable
    KTS CAC Capability............................... No
    WMM Support...................................... Enabled
      APSD ACs.......................................  BK  BE  VI  VO
    Power Save....................................... ON
    Current Rate..................................... m7
    Supported Rates.................................. 9.0,12.0,18.0,24.0,36.0,48.0,
        ............................................. 54.0
    Mobility State................................... None
    Mobility Move Count.............................. 0
    Security Policy Completed........................ No
    Policy Manager State............................. STATICIP_NOL3SEC
    >>> No Mobility peer IP address <<<<
    (WOHW-WC01) >show mobility anchor wlan 66
    Mobility Anchor Export List
     WLAN ID     IP Address            Status
     66          137.183.242.149       Up                              
     66          137.183.242.150       Up                              
    (WOHW-WC01) >show mobility sum           
    Mobility Architecture ........................... Flat
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... WOHW_ENT1
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0x9cbf
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 3
    Mobility Control Message DSCP Value.............. 0
    Controllers configured in the Mobility Group
     MAC Address        IP Address       Group Name                        Multicast IP     Status
     bc:16:65:f9:18:60  137.183.242.150  CIN_GUEST1                        0.0.0.0          Up
     e0:2f:6d:7c:42:20  143.27.201.52    WOHW_ENT1                         0.0.0.0          Up
     f8:72:ea:ee:a0:00  137.183.242.149  CIN_GUEST1                        0.0.0.0          Up

    It works now. I changed the NAC state to "Radius-NAC". Now the mobility hand-off is occurring. 
    (WOHW-WC01) >show wlan 66 
    WLAN Identifier.................................. 66
    Profile Name..................................... PGGuest
    Network Name (SSID).............................. PGGuest
    Status........................................... Enabled
    MAC Filtering.................................... Enabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Enabled
    Network Admission Control
      Client Profiling Status ....................... Disabled
       DHCP ......................................... Disabled
       HTTP ......................................... Disabled
      Radius-NAC State............................... Enabled

  • Can WLC create EoIP tunnels to more than one Anchor Controllers

    Hello,
    Is it possible to create EoIP tunnels to two different Anchor Controllers on two different DMZs from a single WLC? That way we can tunnel the traffic of two SSIDs to different DMZ environments.
    Anchor Controllers can create 71 connections to Foreign Controllers, but can Foreign Controllers create EoIP tunnels to more than 1 Anchor?
    Regards,
    Sinan

    Just to note, an anchor WLC can be a WLC in the DMZ or even another foreign WLC which you want to anchor an SSID to. You are only limited in very large environments when you might hit that max limit.
    -Scott

  • Originating more than 1 EoIP tunnel to an anchor controller possible?

    I'm attempting to set up (for testing purposes) a 2nd 'guest' SSID on an internal WLC (WLC-A), and terminate it in a DMZ on an anchor controller (WLC-B).  We already have a guest SSID originating on WLC-A and terminating on WLC-B though.  Is it possible to originate a 2nd guest SSID on WLC-A?
    WLC-A - 2504 (7.2.x)
    WLC-B - 5508 (7.2.x)
    The problem I'm seeing is I'm getting no DHCP address assigned on the test SSID.  If I statically assign IP information I still have no connectivity.  It's as if the EoIP tunnel for the 2nd test SSID isn't functional.
    TIA

    Also when you do this, make sure you have the same SSID configuration on both WLCs. If you created a new test SSID on the foreign, you need to create a new test SSID in the anchor. The only difference in the configuration should be the interface. Also make sure the test SSID in the anchor is anchored to itself (local) and the test SSID in the foreign WLC is anchored to the anchor WLC. The test SSID in the anchor can share the same interface as the guest.
    Sent from Cisco Technical Support iPhone App

  • EoIP Tunnel across two locations

    Hi,
    I would appreciate it if someone could advise on how to configure an EoIP tunnel. One wireless LAN controller is in a DMZ acting as an anchor controller, and this needs to get traffic from foreign Wireless LAN Controllers from other remote locations over an EoIP tunnel. Do any configurations need to be done on routers/switches? Or would it be sufficient just configuring the mobility groups and anchors in the WLCs? Please advise.
    Thanks
    Dany

    Hi Dany,
    Here is the link which provides you the in-depth info on the WLC configuration for Mobility
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch2_Arch.html#wp1028143
    And here is the link which explains the configuration example as well for Anchor and foreign setup.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html
    However, make sure we do have all the needed VLANs on the network and a route to the remote site or basic connectivity.
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please don't forget to rate the posts which answered your question and mark it as answered or was helpful

  • How Many Foreign EoIP Tunnels Does 5508 Support?

    Hi forum,
    I'm speccing out a guest anchor design and can't find any explicit information for the 5508 regarding how many foreign WLC EoIP tunnels it can support.
    This information for the 2504 is on the data sheet (15) but not on the 5508 data sheet!
    Any help greatly appreciated, and given full stars

    Osita is correct.
    Just to add... Here is a link that explains it. Also if you're going to reach that high of a number, you also have to understand the max client count on the 5508 (7,000) and the max database size for username/passwords if that guest WLC will handle guest accounts (2,048). This database limit includes local user and MAC filters also.
    http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml#qa2
    Sent from Cisco Technical Support iPhone App

  • QoS on the EoIP Tunnel

    I'm interested to know if I can police the EoIP tunnel that carries the Guest Access traffic. The customer is concerned that the guests will eat up too much of the bandwidth from the remote site to the main site where the anchor controller would be. I thought that if I could police that EoIP traffic then that would be a good solution for them. Thanks.

    access-list 197 permit 97 any any

  • How many EoIP tunnels at the same time? (One Anchor -- HA Pair )

    Hi Experts,
    With AP SSO, there should be two CAPWAP tunnels between an AP and the HA controller pair at the same time. Is it correct?
    Then how many EoIP tunnels between the internet anchor controller and the foreign controller HA pair at the same time?
    Thanks
    Cedar

    Hi Cedar,
    In AP SSO, only a single CAPWAP tunnel is maintained at a time; see the below reference for details.
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml
    There is only one CAPWAP tunnel maintained at a time between the APs and the WLC that is in an Active state. The overall goal for the addition of AP SSO support to the Cisco Unified Wireless LAN was to reduce major downtime in wireless networks due to failure conditions that may occur due to box failover or network failover. This allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC.
    In the same sense, the EoIP tunnel limitation will be 71 for an anchor controller. See below
    https://supportforums.cisco.com/thread/2123756
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Guest tunnel/auto-anchor from 2100 to 4400 WLC

    We’d like to extend our current Guest LAN from a 4400 WLC in our data center to a 2100 WLC located at a remote facility. However, we cannot get the foreign controller to pass traffic to the anchor controller – or so it seems. The catch is that we’re not actually trying to extend the SSID itself to provide wireless access, but instead flub it so that we can provide local wired access tunneled to the Guest LAN on the anchor WLC. I’m not entirely sure if this is possible, because I’ve read that before the EoIP tunnel will come up a guest client must associate to the foreign WLC.
    We’ve followed the instructions we could find that go over setting up this type of scenario, but unfortunately they only cover setting up back-to-back 4400 controllers and as such, some functions described (notably being able to create a Guest LAN) are not possible on the 2100. We haven’t been able to find a clear and concise guide on the scenario we want to set up.
    Here’s some detail:
    Mobility group is up/up between both WLCs. Both WLCs are running 6.0.x code.
    Anchor WLC – 3750G-24WS-S25 (a 4400 WLC w/ integrated 3750G-24)
    Guest LAN WLAN “wired-guest” created; Ingress is “none” and Egress is our existing “dirtnet” – i.e. outside access. The “dirtnet” interface is *not* a Guest LAN interface. Mobility anchor is set as local.
    Remote WLC – WLC2106
    WLAN “wired-guest” created; Interface is “wired” w/ an IP address on the same subnet as the anchor “dirtnet” and associated with port 2. Mobility anchor is set to the anchor WLC and is up/up. I have a laptop connected to port 2 with a statically assigned IP address on the same subnet as “dirtnet.” I am able to ping the local port 2 address, but I can’t ping across the tunnel to the anchor WLC. I also cannot ping the anchor WLC "dirtnet" interface from the foreign WLC’s Ping tool.
    Are we missing something?

    Sean,
    Wired guest access is not supported on WLC2106.
    Reference:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml#configs
    Please consider using a WISM, WLC4400, 3750 integrated WLC or a WLC5500

  • WLC Guest Tunnel

    Hi,
    I've some questions about Guest Tunneling, since the docs on CCO are not so complete.
    Right now I've 2 WLC4400 Series in a redundant way with 2 WLANs, 1 WLAN per AP Group. All the APs are set up as H-REAP nodes.
    We have to set up a WLC in the DMZ so that Guest WLAN traffic will be tunneled from the internal WLC to the DMZ and all is fine.
    The WLAN Guest and the interface should be defined both on the internal and DMZ WLC... isn't it? Should the DHCP Server be set up in the DMZ?
    Then I'll set up the mobility Anchor between WLC#1 internal and WLC DMZ and between WLC#2 internal and WLC DMZ, correct?
    What about the APs, since they are set up like H-REAP nodes with the switch port as access?
    Many thanks for helping me find a solution

    Hi fella,
    Tnx a lot for the useful infos...are you sure??? maybe i'm missing a piece of the puzzle...let's do a resume:
    - My APs on different IP Subnet are configured as H-REAP nodes
    - my internal WLCs are configured with more WLANs to do central AUTH and LOCAL switching
    - my WLANs, since they are in H-REAP mode, are mapped to the AP-Manager interface of the WLC
    - the WLC in DMZ, behind a Firewall, is configured with mobility group to be "in the same one" with the internals WLCs
    - the Guest WLAN, defined on internal and external WLCs is mapped to AP-Manager IP to be LWAPP Tunneled (central Switching) and spread on all my APs
    - the Guest WLAN will be anchored from the internal WLCs to the external one.
    So basically one WLAN client which will connect to Guest WLAN, all traffic will be LWAPP tunneled from AP MGMT IP to WLC AP-Manager IP and then, since this WLAN is anchored to the DMZ WLC, the traffic will be EoIP tunneled to this WLC where is active an DHCP Server.
    After the client receives an IP Address from the WLC's DHCP Server, the Firewall in front of the WLC will block all access to the internal IP subnet and permit it only to be routed to the outside of the enterprise...
    Am I wrong with something?
    Thnxxxxx

  • Wireless DMZ with foreign wlc - EoIP - anchor wlc

    Hi,
    We are trying to set up a segregated DMZ wireless network.
    I've attached a simple topology to illustrate. So we have foreign controller and anchor controller. Firewall ports UDP16666,16667 and IP97 have been enabled and EoIP tunnel itself is up.
    The client is also able to connect to the TEST ssid and obtain IP address from the DHCP server. But the client can't reach the gateway or any other network. The client's gateway is the firewall where the Anchor is connected.
    Does anyone have experience setting up EoIP tunnels and DMZ wireless? What could be the issue?
    I've been reading the Cisco guide and searching all over the internet without any success.
    Any help will be appreciated.
    Regards,
    Delgee

    Doesn't look like your tunnel is working. If you didn't open up DHCP from the DMZ to the DHCP server and back, the clients should not be able to get a DHCP address. Look to make sure the mobility is up between the foreign and the anchor. Also you should see the client on both the foreign and the anchor. The WLAN SSIDs also need to be exactly the same, with the exception of the interface, and you need to anchor the foreign SSID to the anchor WLC and the anchor WLC SSID to itself.
    Review this doc as it explains what needs to be done on both WLCs
    http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html
    Sent from Cisco Technical Support iPhone App

  • EOIP fragmentation ?

    Hi,
    Currently we are experiencing excessive traffic fragmentation between the Foreign and Anchor WLCs.
    Due to the fragmentation the firewalls are having a high CPU load and are facing performance issues.
    Because of this I've changed the TCP MSS to 1363 but this only takes care of the CAPWAP overhead (AP <-> WLC).
    What is the overhead of the EOIP tunnel between the foreign and anchor WLC and are there ways to decrease the MTU size so that there will be no (or less) fragmentation ?
    Grtz.

    Well, I don't think it's quite abnormal here. Had the fragmentation been more, the firewall would have dropped the packets, considering it as DoS, e.g. our ASA allows a maximum of 24 fragments. However, the fragmentation which you are facing is quite normal for a firewall and it should have handled it quite easily.

  • Load Balance guest Internet access via two different DMZ zones at two sites

    Hi Sir,
    My customer has the following unified wireless guest access requirement:
    - There are 2 internet links and dmz zones at two different locations, Site A and Site B
    - Data centre is at Site A
    - WiSM is proposed to be installed at the Cat 6500 in Site A
    - Lightweight AP are distributed across Site A, Site B and other branches
    - Only one anchor WLC is proposed at Site A, DMZ zone to provide guest internet access
    My customer would like to load balance the guests via the two internet links at Site A and Site B but with the same SSID across all locations. Can it be done since there is only one anchor at Site A? How about putting another anchor WLC at Site B, DMZ zone? But how can I establish two EoIP tunnels to two different anchor WLCs from a single WiSM?
    Thanks for your help
    Delon

    You can... but you can't control where the traffic will flow. The WLC will determine which DMZ WLC it will use. The WLC will load balance, but traffic in site A might go to site B. I currently have deployed that scenario in multiple client installations....

  • Guest VLAN unable to get DHCP IP address from Anchor Controller

    Hello everybody,
    In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
    SSID Name - guest
    Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
    Mobility Group: Same configs at both ends
    SSID Anchor : Anchor SSID on local and local SSID on Anchor.
    AP: CAPWAP 3502 Management Subnet
    SSID Security etc all defaults and matching on  both ends
    Checkpoint Firewall Rules: Allowed 16666-7, IP 97 etc on the firewall
    Checkpoint Inside/DMZ to Outside(Internet) is NAT enabled.
    EoIP Tunnel Status: Up, UP - Both ends
    Mping - OK
    eping - OK
    WLC Software Version on Local - 7.0.98.0
    WLC Software Version on Local - 7.0.116.0
    DHCP Scope: Definitions on Anchor Controller and Guest Anchor SSID points to the Anchor management IP as the Primary DHCP server.
    Management IP Subnet on Local: 10.x.x.x
    Management IP Subnet on Anchor: 172.x.x.x
    The problem definition as follows:
    When guest SSID associates to the local AP, the guest SSID never gets a DHCP address assigned from the Anchor Controller and the following debugs are obtained.
    1. WLAN ID 1 (for Guest SSID Number) delete message appears in the Controller message logs, but the SSID does not DHCP from the local Management Subnet and i can see DHCP request via the tunnel to the Anchor WLC as follows:
    DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54774 (1237665652), secs: 42, flags: 0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   chaddr: 64:b9:e8:33:2d:13
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to EoIP tunnel
    2. Similar debugs on the Anchor controller yields the following results;
    Cisco Controller) >*DHCP Socket Task: Feb 25 04:30:25.488: 64:b9:e8:33:2d:13 DHCP options end, len 72, actual 64
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54778 (1237665656), secs: 52, flags: 0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   chaddr: 64:b9:e8:33:2d:13
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to DS
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54778 (1237665656), secs: 61, flags: 0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   chaddr: 64:b9:e8:33:2d:13
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to DS
    *apfOrphanSocketTask: Feb 25 04:37:49.931: 34:51:c9:59:b1:c7 Invalid MSCB state: ipAddr=169.254.254.148, regType=2, Dhcp required!
    Is there anything missing in the wireless configs and/or the firewall rules, as I could not see a DHCP request back from the Anchor Controller? Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case, is the redirect URL configuration to be performed only on the Anchor Controller, or is this to be replicated on both the Local and Anchor Controllers?
    Thanks and Regards.

    The DHCP issue is resolved if external DHCP server is configured on a 3750 switch connected to the WLC and the default gateway for DHCP points to the Firewall, which is in the data path between the Inside and Anchor Controllers. DHCP is essentially bridged (no Proxy setting now) from the EoIP tunnel to the Distribution system network. We will test this solution on pilot production and then consider upgrading to 7.0.116.0, as there are about six offices running 7.0.98.0, which will need to be upgraded. 
    For L3 security, configuration is set up on both the controllers for external captive portal redirection. I will try this only on the Anchor and revert.
    Thanks again very much for all your help.
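
The comparison made by hand in this thread (DISCOVER bridged to the EoIP tunnel on the foreign controller, bridged to DS on the anchor, no reply ever logged) can be automated per client. The Python below is an added example, not code from the thread or from Cisco; the sample lines are constructed on the pattern of the debug output quoted above, and the BOOTREPLY line format and the second client MAC are assumptions modelled on the BOOTREQUEST lines.

```python
import re
from collections import defaultdict

# Line shape taken from the debug output quoted in the post:
# "*DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP <message>"
LINE_RE = re.compile(
    r"DHCP Socket Task:\s+(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+DHCP\s+(?P<msg>.*)$",
    re.IGNORECASE,
)
OP_RE = re.compile(r"received op (BOOTREQUEST|BOOTREPLY)")
XID_RE = re.compile(r"xid:\s+(0x[0-9a-f]+)", re.IGNORECASE)
BRIDGE_RE = re.compile(r"successfully bridged packet to (EoIP tunnel|DS)")


def summarize(lines):
    """Collect per-client DHCP request/reply counts and forwarding targets."""
    clients = defaultdict(lambda: {"requests": 0, "replies": 0, "xids": set(),
                                   "bridged_to": set(), "first": None, "last": None})
    for raw in lines:
        m = LINE_RE.search(raw)
        if not m:
            continue  # other debug tasks (e.g. apfOrphanSocketTask) are ignored
        c = clients[m["mac"].lower()]
        c["first"] = c["first"] or m["ts"]
        c["last"] = m["ts"]
        msg = m["msg"]
        if (op := OP_RE.search(msg)):
            c["requests" if op[1] == "BOOTREQUEST" else "replies"] += 1
        if (x := XID_RE.search(msg)):
            c["xids"].add(x[1].lower())
        if (b := BRIDGE_RE.search(msg)):
            c["bridged_to"].add(b[1])
    return dict(clients)


def diagnose(clients):
    """Map each client MAC to the point where its DHCP exchange stalls."""
    verdicts = {}
    for mac, c in clients.items():
        if c["replies"]:
            verdicts[mac] = "OK"
        elif "DS" in c["bridged_to"]:
            # Anchor side: request left toward the wired network, nothing came back.
            verdicts[mac] = "NO_REPLY_AFTER_DS"
        elif "EoIP tunnel" in c["bridged_to"]:
            # Foreign side: request entered the tunnel; check the anchor's debug next.
            verdicts[mac] = "NO_REPLY_AFTER_TUNNEL"
        elif c["requests"]:
            verdicts[mac] = "NOT_FORWARDED"
        else:
            verdicts[mac] = "NO_REQUEST"
    return verdicts


# Constructed sample: foreign-controller view of one DISCOVER.
FOREIGN_LOG = """\
*DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54774 (1237665652), secs: 42, flags: 0
*DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to EoIP tunnel
""".splitlines()

# Constructed sample: anchor view with one stalled client and one healthy client.
ANCHOR_LOG = """\
*DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
*DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54778 (1237665656), secs: 52, flags: 0
*DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to DS
*DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
*DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54778 (1237665656), secs: 61, flags: 0
*DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to DS
*apfOrphanSocketTask: Feb 25 04:37:49.931: 34:51:c9:59:b1:c7 Invalid MSCB state: ipAddr=169.254.254.148, regType=2, Dhcp required!
*DHCP Socket Task: Feb 25 04:38:01.100: 02:00:00:00:00:aa DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
*DHCP Socket Task: Feb 25 04:38:01.100: 02:00:00:00:00:aa DHCP successfully bridged packet to DS
*DHCP Socket Task: Feb 25 04:38:01.350: 02:00:00:00:00:aa DHCP received op BOOTREPLY (2) (len 308,vlan 20, port 1, encap 0xec00)
""".splitlines()

if __name__ == "__main__":
    for name, log in (("foreign", FOREIGN_LOG), ("anchor", ANCHOR_LOG)):
        summary = summarize(log)
        for mac, verdict in diagnose(summary).items():
            c = summary[mac]
            print(f"{name:8} {mac} requests={c['requests']} replies={c['replies']} "
                  f"xids={sorted(c['xids'])} -> {verdict}")
```

A repeated xid with a growing `secs` value and a `NO_REPLY_AFTER_DS` verdict on the anchor puts the fault on the anchor's wired side (DHCP server, gateway or firewall path), which is where this thread's fix was applied.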

  • Using one controller as primary DHCP server for 2 or more controllers

    Here's my setup
    2 - 5508 controllers (40 APs per controller) running 6.0.196.0 (100 user license per controller)
    about 80 mixed - 1142 and 1252 APs, trying to put 40 APs on each controller
    One subnet connects two controllers together on the management interface on port 1 on both controllers. 10.x.x.x addresses.
    Port 2 on each controller (LAG not used) connects to a DMZ via dynamic interfaces for user traffic, 172.x.x.x addresses.
    I want to use one controller for all clients to get their DHCP addresses from (no matter what controller their AP is on)
    as a primary DHCP server (controller A as primary), then i'd like to point the clients to the other controller (controller B) to be used as a backup DHCP server in case Controller A fails. Also, the APs are setup to have the correct primary and secondary controllers under their high availability setting as well as the mobility group information.
    I want to avoid splitting my DHCP scopes between controllers, and I don't have a DHCP server dedicated to this project, so the 5508s should be able to do the job. Or at least I thought.
    When configuring the controllers with the proper DHCP scopes, this only seems to work for clients connecting to controller A. Clients on controller B don't get an address from controller A when pointing to that controller; in fact, the weird thing is that debugging shows DHCP requests going out of port 2 (DMZ traffic) instead of port 1 (management) on controller B. Shouldn't they be going out of the interface that is specified with the DHCP configuration in the dynamic interface? And I don't have "override" turned on in the WLAN configuration so the DHCP server should be taken from the dynamic interface that the user resides on.
    Mobility groups are configured correctly between the two controllers and both the control and data paths are up between the two controllers. Another weird thing: both controllers' management interfaces are on the same subnet, no ACLs or filters; when the mobility groups are configured, controller A can ping controller B, but controller B cannot ping A. The status still shows as UP/UP in the mobility members windows, but they use mPing which seems to work fine. Remove the mobility group configuration and ping works just fine between the boxes. I don't know if this is related to my DHCP issues, but it would seem that if I put controller A's management address in the dynamic interface configuration for DHCP on controller B, my clients on B should get an address from A's DHCP pool. Controller A's dynamic interfaces all point to controller A's management interface and they work just fine.
    I'm trying to load balance my AP distribution between two boxes, and I'm also trying to have some controller redundancy.
    Controller A works just fine, it's in production. Trying to add another controller B to talk A for DHCP is the issue.
    Anyone have any clues?
    -Blair

    I guess I was under the impression that when mobility groups were configured, the lease time, along with other client information (MAC address, IP address and such), would be replicated from one controller to the other controller over the EoIP tunnel.  If that's not the case, then obviously I'll have to look elsewhere.
    Also, does this mean that it will not work, or just that it's not recommended.  If it does work and I have to fix something, at least I can move on with my testing, all while pursuing a DHCP server.  It doesn't sound like using an AP as a DHCP server is any better than using the controllers for that same purpose.
    Thank you for the quick response.
