This question has been asked in various ways in the past, but I feel never answered adequately.
My customer has multiple sites, each with a 2504 WLC.
A data center with a 5508 in the DMZ acting as Anchor for the remote sites.
ACS 5.x and NCS Prime
All guest users will egress to the internet via a Vlan in the DMZ.
Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
Is it possible to put a printer in each site for Guest WLAN users to use? If so, is there a Cisco 'best practice' or is there anyone out there that has come up with any neat ideas?
Well how would the guest that has an address in the DMZ get back to the remote site printer subnet. I guess you could open you your FW and allow routing back to each printer, but that would not be ideal.
You can look at 7.3 in which you can have split tunnel on FlexConnect access points. So you can create an acl on the wlc that when traffic hits that acl, you place that traffic on the local vlan out at the remote site. Before you ask... There are no documents on how to create this, but it is a new feature. What I was told is this split tunnel only works when you have centrally switched wlan's. The acl is for traffic to stay at the remote site and all other traffic will be tunneled back to the WLC.
Hope this helps.
Sent from Cisco Technical Support iPhone App
Scott, thanks for replying so quickly.
I was thinking about something about a guest wired LAN, but not sure about authentication for the printers.
Your suggestion is worth a try in the lab though...
Sent from Cisco Technical Support iPad App
I don't think that would work since wired guest do have to authenticate, no way to just bypass that.
Help out other by using the rating system and marking answered questions as "Answered"