
Cisco WLC Questions

oklahamas
Level 1

Hi Guys,

My company is looking at installing the Cisco Wireless LAN Controller software for managing our Access Points and promoting BYOD (Bring your own device).

We currently operate 6 sites throughout the country, all connected by WAN. We currently have Cisco APs fed off site-based ADSL connections, and they are in standalone mode.

I want to upgrade each internet connection to fibre feeding the AP, and have a WLC for management based at head-office. However, here's where it gets complicated. I want to have one SSID that supplies both Internet AND corporate data. I am thinking of using VPN clients on BYODs and port-mapping IPsec traffic into corporate where the VPN is acknowledged and checked by Checkpoint Firewall, authenticated through TACACS (inheriting through AD).

What are your thoughts / alternative solutions? Have any of you implemented anything similar?

Thanks in advance.

1 Reply

So, in terms of clients you're going to have one kind of client, which is BYOD, but in terms of traffic you are going to have two kinds of traffic (Internet and Corp), and you do not want to use more than one SSID?

With 2 SSID you could fix it simpler by creating a Corp SSID (Internet + Corporate) and a Guest SSID (Internet Only).

But you can also create one SSID (FlexConnect mode) and split the tunnel on the VPN. Corp goes to the Data Center and Internet only goes locally.

I think it would be great if Internet access happened locally, I mean, you should not bring the traffic all the way to the Data Center. But for that, you need to have some solution to apply policy on the traffic locally.

One solution that fits it very well is SDWAN with the DIA feature. But it is possible with pure wifi as well.
