Wireless anchoring with partner organisations

This model of wireless anchoring may not be a very common practice in enterprise networks.

This solution has its use case in public sectors and very common in educational and healthcare organisations where people share building spaces and Network infrastructure.

This solution shows how universities and healthcare organisations can deploy this model of wireless anchoring which benefit students and staffs when they work in these areas.

This solution allows users to work independently and increase efficiency as they will have access to their network resources through this anchor service.

Here are some of the scenarios where this solution will be helpful.

  • A doctor who is a faculty at the University needs to access his patient records on the university campus.
  • A student who is working as an intern at the hospital needs to access his emails and network resources while he is gaining some work experience
  • Works well in hospital network where there are affiliations with each other.

Scenario 1:

Hospital wireless network broadcasting an University SSID

  • Hospital can broadcast SSID from the University to serve its students and faculty while they are working at the hospital. Users will have access to their network resources in a secure way. In this case,  University’s WLC will become the anchor WLC and extend its SSID to the hospital’s WLC (Foreign WLC). Anchor WLC will always be responsible for IP addressing, authentication and termination of the traffic.

Scenario 2:

University wireless network broadcasting hospital’s SSID

  • University building will broadcast a SSID from the hospital network as there are many users form the hospital working closely with the university faculty. In this case the hospital’s WLC will become the anchor controller and University’s controller will become the foreign controller.

 Architecture: This solution works on the concept of mobility anchoring. This concept holds good for both the above scenarios, however the role of anchor controller remains with the organisation that will be willing to broadcast their SSID into their partner organisation.

Anchoring1

Please note that this setup will require permissions and approval from both the university and partner institute to ensure that it benefits both the organisations.

 

We will need 2 wireless LAN controllers for this solution.

  • Foreign Anchor Controller
  • Mobility Anchor Controller

Foreign Controller:  The foreign controller will be responsible for providing the layer 1 and layer 2 connectivity to the clients. All the access points in this controller will be extending the SSID from the anchor controller.

Anchor Controller: The anchor controller is responsible for terminating EoIP tunnels that originate from other campus WLCs throughout the network.

Cisco systems utilises two tunnelling protocol available within its lightweight wireless architecture.

The protocols used are EOIP and CAPWAP. This is internally known as old mobility and new mobility respectively.

For the purpose of anchoring a SSID between organization the main difference between the two protocols are:

  • CAPWAP uses port 16667 as the port to send and receive data within the tunnel
  • EOIP uses port 97 as the port to send and receive data within the tunnel

It is recommended to use EOIP (Old Mobility) feature on the wireless controllers for optimal performance.

It is not recommended to use EOIP on one controller and CAPWAP on another as this is currently buggy and not well supported.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s