4402 anchor in DMZ, how to configure the Firewall

Mike Clites
Level 1

Hello,

I am not sure if there is a document or thread on this topic already, though I have been looking.

We have a 5508 foreign controller

We have a 4402 anchor controller

We have a DMZ layer 2 only switch

We have an ASA5520 firewall

I have configured both WLC controllers for guest wireless to the DMZ. They see each other in the mobility group.

I have added vlan800 (arbitrary vlan we chose) in the DMZ switch. Currently it does not have any ip address on it and we would prefer if it stays that way.

We want the anchor to also provide the dhcp scope for all guest wireless which is why we created vlan800 on the DMZ switch as well as in the Anchor controller.

The Anchor controller vlan800 has an ip address 172.18.1.2/24.

The guest wireless network is 172.18.1.x/24 (again, provided by the anchor controller).

My firewall has a DMZ address of 172.16.67.1/24

OK, here is where I get more fuzzy: how do I configure my firewall to accept traffic from the new IP scope I created?

The firewall does not have any more free physical ports, so I think I have to somehow make the existing physical DMZ interface a trunk or give it a secondary IP address of 172.18.1.1/24 to become the gateway for the guest wireless traffic (besides setting up the allow/deny rules for internet access in the firewall).

I have not been able to find a document that goes into the DMZ requirements for wireless so far.

Thanks!

2 Replies

dennischolmes
Level 7

Have you tried trunking the port? Have you gotten the controllers talking to each other?

See this link:

http://www.cisco.com/en/US/partner/docs/wireless/wcs/7.0/configuration/guide/7_0ctrlcfg.html

Hi Dennis,

Yes, I have gotten the two controllers talking to one another and am able to do both ping tests, eping and the other one (I forget the name).

I do believe I have a working understanding of the anchor to foreign controller configuration.

My question is specific inasmuch as it relates to the DMZ switch and firewall.

The configuration of the DMZ switch and firewall is the documentation I am unable to locate with examples of this configuration.

I cannot seem to get to any link that has the word "partner" in it even though I log into my Cisco account.

If there is a different link I would be happy to check it out.

As for your question about trunking the port, can you clarify which device you're speaking of?

I have the DMZ switch port trunked that connects to the Anchor controller.

Thanks
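
Added example, not part of the thread and not taken from Cisco documentation: a sketch of the trunk option raised in the original post, placing VLAN 800 on an 802.1Q subinterface of the ASA's existing DMZ port so that 172.18.1.1 becomes the guest gateway. The addresses come from the post; the interface number, nameif labels, security levels, ACL name and permitted services are assumptions.

```cisco
! ASSUMPTION: GigabitEthernet0/2 is the existing DMZ port on the ASA 5520.
! It keeps its current address and carries the existing DMZ VLAN untagged,
! so the DMZ switch port facing the firewall must become a trunk whose
! native VLAN is the existing DMZ VLAN and which also allows VLAN 800.
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.67.1 255.255.255.0
 no shutdown
!
! Tagged subinterface for the guest WLAN. The DMZ switch stays layer 2
! only; the firewall is the sole layer 3 hop out of VLAN 800.
interface GigabitEthernet0/2.800
 vlan 800
 nameif guest-wlan
 security-level 10
 ip address 172.18.1.1 255.255.255.0
!
! Guest clients get DHCP from the anchor controller (172.18.1.2) inside
! VLAN 800, so no DHCP rule or relay is needed on the firewall.
!
! Keep guests out of all private address space first, then allow only
! the services they need toward the internet (ASSUMPTION: DNS and web).
access-list GUEST_IN extended deny ip 172.18.1.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list GUEST_IN extended deny ip 172.18.1.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list GUEST_IN extended deny ip 172.18.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list GUEST_IN extended permit udp 172.18.1.0 255.255.255.0 any eq domain
access-list GUEST_IN extended permit tcp 172.18.1.0 255.255.255.0 any eq www
access-list GUEST_IN extended permit tcp 172.18.1.0 255.255.255.0 any eq https
access-list GUEST_IN extended deny ip any any log
access-group GUEST_IN in interface guest-wlan
!
! Not shown: address translation for 172.18.1.0/24 toward the outside
! interface. The syntax depends on the ASA software version, which the
! thread does not state.
```

After applying a configuration like this, `show interface ip brief` and `show access-list GUEST_IN` on the ASA confirm that the subinterface is up and show which rules guest traffic is hitting.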
