What you need to do & know:

  1. You have two WLCs: one acts as the primary WLAN controller and one acts as the anchor
  2. Some people call the anchor WLC the foreign controller
  3. Anchor WLC means the LWAP stays connected to the primary WLAN controller, and the primary WLAN controller then creates a tunnel to the anchor WLC using UDP port 16666 and UDP 97, so users are sent to the anchor WLC and use its connection to the Internet
  4. The primary WLAN controller needs to have the same DHCP, WLAN, WLAN security and mobility group as the anchor
  5. To build the tunnel from the primary WLAN controller to the anchor WLC, create the mobility group, set the mobility anchor of the WLAN on the primary WLAN controller to the [ip address] of the anchor, and set it to local on the anchor WLC
  6. After you create the tunnel, test it with the commands mping (udp 16666) and eping (udp 97); if both succeed, the control path (udp 16666) and the data path (udp 97) are in status "UP"
  7. Once this is established, the problem is not in the tunnel, and you must look at the network environment of the anchor WLC
  8. Update from Cisco TAC: version 8.3.xxx needs a VLAN set on the management interface, or you can use trunk mode on the switch toward the Internet

Here is the network flow:

Guest WLAN -> LWAP -> Primary WLC -> [tunnel] -> WLC Anchor -> Internet

How to troubleshoot this Anchor configuration:

  1. Can your client see the SSID? Check the WLAN broadcast setting; the WLAN configuration on the primary and the anchor WLC must be the same
  2. Is your client unable to join the SSID? Check the security parameters of the WLAN and make sure the client uses the security type you intended
  3. Did your client get a DHCP IP address? Check the requested DHCP parameters: is it using the internal DHCP or another DHCP server? Make sure the anchor can reach that DHCP server
  4. Does your anchor WLC trap indicate "control path down" or "data path down"? Try to eping and mping the primary WLC, and check the connectivity on udp 16666 (control path) and udp 97 (data path)
  5. Can you connect to the SSID, get a DHCP IP address, and see the client in the "RUN" state on the anchor WLC, but still not reach the Internet? Ping the gateway; the problem is not in your WLC configuration but in the Anchor -> Internet environment
  6. If you have already tried everything and it still fails, leave me a comment and I'll try to find a solution for your problem
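
The checklist above can be turned into a small pre-flight check. This is an added example, not code from the original post or from Cisco; the field names, sample addresses and the idea of feeding it hand-collected settings are assumptions made for illustration.

```python
# Added example. Field names and sample values are constructed for illustration;
# they are not parsed from real WLC output.
MUST_MATCH = ("ssid", "security", "dhcp_server", "mobility_group")

def config_findings(primary, anchor):
    """Compare the guest WLAN on both controllers; empty list means consistent."""
    findings = []
    for key in MUST_MATCH:
        if primary.get(key) != anchor.get(key):
            findings.append(f"{key} differs: primary={primary.get(key)!r}, "
                            f"anchor={anchor.get(key)!r}")
    # The primary's WLAN must point at the anchor WLC's IP address.
    if primary.get("wlan_anchor") != anchor.get("mgmt_ip"):
        findings.append("primary WLAN is not anchored to the anchor WLC's IP")
    # The anchor's own WLAN must be anchored to "local".
    if anchor.get("wlan_anchor") != "local":
        findings.append("anchor WLAN is not set to local")
    return findings

def next_step(findings, mping_ok, eping_ok):
    """Pick where to look next, in the order the checklist walks through."""
    if findings:
        return "fix config: " + "; ".join(findings)
    if not mping_ok:
        return "control path down: check mping reachability between the WLCs"
    if not eping_ok:
        return "data path down: check eping reachability between the WLCs"
    return "tunnel UP: check the anchor -> Internet environment"

# Constructed sample settings (documentation address range 192.0.2.0/24).
PRIMARY = {"ssid": "Guest", "security": "web-auth", "dhcp_server": "192.0.2.10",
           "mobility_group": "guest-mg", "mgmt_ip": "192.0.2.1",
           "wlan_anchor": "192.0.2.2"}
ANCHOR = {"ssid": "Guest", "security": "web-auth", "dhcp_server": "192.0.2.10",
          "mobility_group": "guest-mg", "mgmt_ip": "192.0.2.2",
          "wlan_anchor": "local"}

if __name__ == "__main__":
    # mping/eping results are entered by hand after running them on the WLC.
    print(next_step(config_findings(PRIMARY, ANCHOR), mping_ok=True, eping_ok=True))
```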

*Source: https://supportforums.cisco.com/document/11936816/cisco-guest-access-using-wlc-anchor-setup-%E2%80%93-release-70