02-13-2021 08:09 AM - edited 07-05-2021 01:14 PM
Hi Guys,
My company is looking at installing the Cisco Wireless LAN Controller software for managing our Access Points and promoting BYOD (Bring your own device).
We currently operate 6 sites throughout the country all connected by WAN. We currently have Cisco APs fed off site-based ADSL connections, and they are in standalone mode.
I want to upgrade each internet connection to fibre feeding the AP, and have a WLC for management based at head-office. However, here's where it gets complicated. I want to have one SSID that supplies both Internet AND corporate data. I am thinking of using VPN clients on BYODs and port-mapping IPsec traffic into corporate where the VPN is acknowledged and checked by Checkpoint Firewall, authenticated through TACACS (inheriting through AD).
What are your thoughts / alternative solutions? Have any of you implemented anything similar?
Thanks in advance
02-13-2021 02:57 PM
@zacksynder85 wrote:
I want to have one SSID that supplies both Internet AND corporate data. I am thinking of using VPN clients on BYODs
Regardless of the size of the network, it is recommended that Corporate and Guest have their own separate SSID.
02-14-2021 10:15 PM
True, troubleshooting also becomes easier when segregated.
02-15-2021 10:01 AM
Leo and Joyaljp are correct, but since you were looking for alternative solutions, here is one: by using ISE and TrustSec you can use only one SSID for both Guest and corp. For more info, check the TrustSec Design Guides here: https://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/design-guide-listing.html