02-11-2017 02:37 PM - edited 07-05-2021 06:32 AM
Hello, I am on the eve of implementation wireless security access network. I should make a decision to use wlc anchor or not. Basically the scenario is there should be 2 SSIDs, Corporate and Guest. We will definitely use ISE as access control. In this case do we need to use anchor for guest access?
if anchor isolate guest traffic, ISE also can do it. What make me purhcase wlc anchorif I have ISE? I can't differentiate their functions clearly.
Can someone explain me, why I might need anchor?
It is urgent to make a decison, please help.
Thank you a lot
Solved! Go to Solution.
02-12-2017 06:45 PM
If it is a single site and you have ensure proper security between guest user network and rest of the network, I would not worry too much about an anchor WLC.
Rasika
02-11-2017 06:22 PM
if anchor isolate guest traffic, ISE also can do it. What make me purhcase wlc anchorif I have ISE? I can't differentiate their functions clearly. Can someone explain me, why I might need anchor?
Guest Anchor solution is used where you do not want to terminate Guest user traffic on the same network where your other user traffic terminate.
Usually Guest Anchor controller sits in a DMZ and all guest users get IP given from a DMZ subnet, so it can access public internet and no internal network.
This is really useful if you have multiple branches, where you do not want to terminate guest traffic at individual branches, instead terminate it a a central location DMZ.
ISE can be use to implement security, but not to L3 separation of networks as mentioned above.
HTH
Rasika
*** Pls rate all useful responses ***
02-11-2017 10:26 PM
Thank you for your reply.
For single site deployment, from security point of view, is it critical to install anchor? Even guest traffic is terminated in internal network, it is totally isolated with ISE and I still can't get a key point why I should get anchor. Does it worth extra budget, if I have ISE?
02-12-2017 06:45 PM
If it is a single site and you have ensure proper security between guest user network and rest of the network, I would not worry too much about an anchor WLC.
Rasika
02-12-2017 09:03 PM
Thank you for your reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide