
Guest Wireless and DNS

During our implementation of Guest Wireless (currently ongoing), we are trying to decide where to point to for DNS.

We have a 5508 WLC in our Internet DMZ and it acts as the Anchor WLC. This WLC is also used as the DHCP server for the Guest Wireless clients.

We are debating whether to point the clients internally to our primary DNS servers, or externally to the public service provider DNS servers. The only DNS servers in the DMZ are external forwarders.

From a network standpoint, I think either solution would work. But from a security standpoint, which is better? Or is there another option?

Can anyone recommend a standard or best practice design when it comes to DNS for Guest Wireless?

Thanks in advance!


Accepted Solutions

Re: Guest Wireless and DNS

Use an external DNS if possible. The only time I would use an internal one is if I install a 3rd-party certificate on the guest anchor to get rid of the certificate error page during a webauth and the client doesn't have an external DNS or the ISP will not add an A record to resolve the certificate CN name.

Thanks,

Scott Fella


Re: Guest Wireless and DNS

If you are not playing around with third-party certificates for webauth, just point to external Internet servers. The only reason to use yours is if they would need access to internal resources, like a printer.

Steve



Re: Guest Wireless and DNS

Thanks for the info - exactly what I needed. The guest access is not needed internally and I am not doing certificates. Therefore - external it is.
