With mobility anchors, also called guest tunneling or auto anchor mobility, all the client traffic that belongs to a WLAN (especially the Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as an anchor for that specific WLAN. This feature helps restrict clients to a specific subnet and have more control over the user
traffic. Normally what happens is that a client anchors to the first controller it associates through. But what if you want clients anchored to a controller on a DMZ interface of a firewall? Using a mobility anchor forces clients to be anchored to a controller other than the one they first associate with. This forces their traffic to be tunneled to the DMZ. Then it must pass through the firewall and its associated policies before getting anywhere. This is done on a per-WLAN basis.
Note: The protocol used for tunneling is known as EoIP. It's beyond the scope of the CCNA Wireless exam, but you can find more information in RFC 3439.
You should configure the same mobility anchors for a WLAN. If a client associates with a WLAN in which the local controller is the mobility anchor, the client is anchored locally.
The whole mobility anchor concept might seem strange at first, but think of it as roaming ahead of time. That's basically what it is. As soon as the client associates to a WLAN, it is known to be anchored somewhere else, and a tunnel is set up. This means that the foreign controller sets up the tunnel before the client has an IP address. So the foreign controller doesn't have any knowledge of the client's IP address. This tunnel is the same type of tunnel that is created when Layer 3 roaming occurs between controllers.
To configure a controller to act as mobility anchor, follow these steps:
Step 1. Click WLANs to open the WLANs page.
Step 2. Click the blue down arrow for the desired WLAN or wired guest LAN, and choose Mobility Anchors, as shown in Figure 12-12.
Note: On a WiSM running controller code 184.108.40.206, you do not click the blue down arrow; you just hover the mouse pointer over it.
Step 3. Select the IP address of the controller to be designated a mobility anchor in the Switch IP Address (Anchor) drop-down box.
Step 4. Click Mobility Anchor Create. The selected controller becomes an anchor for this WLAN or wired guest LAN.
Step 5. Click Save Configuration to save your changes.
Step 6. Repeat this process for any other mobility anchors you want to designate for this WLAN.
Step 7. Repeat this process on every controller where this WLAN exists.
Was this article helpful?