cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1069
Views
5
Helpful
6
Replies

Guest Access on a 5508

scottwilliamson
Explorer
Explorer

Hi All,

We currently tunnel guests to a 4402 that sits behind our firewall and it's been working well for a few years but I am aware that the 4402 is now EoL so I am exploring alternatives:

We also have several 5508s deployed and I'm wondering if - in any new guest access config - I can allocate one of its free h/w ports to connect to the firewall, even though the 5508 is configured to use LAG.

To put it another way can I configure a new port to a seperate VLAN and not be part of the the LAG'd ports or are you tied to having all ports acting as a group if LAG is switched on?

It might be a basic piece of knowledge but I really don't know.

Many thanks,

Scott

1 ACCEPTED SOLUTION

Accepted Solutions

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

No you can't. It is either all LAG or none at all. It would be nice to be able to define your lag ports and also define a separate port for another vlan, but it just doesn't work that way.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

6 REPLIES 6

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

No you can't. It is either all LAG or none at all. It would be nice to be able to define your lag ports and also define a separate port for another vlan, but it just doesn't work that way.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thanks Scott,

Ah, if only.

Regards,

Scott

Yeah.... I have some clients too that wish they can do that.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Those 4400's still work well as an anchor evnen though they are going EOS\EOL.  So unless you have a redundant 5508 guest anchor, at least keep those as a just in case:)

-Scott
*** Please rate helpful posts ***

rhornberger
Beginner
Beginner

Yea...  We had the same issue, ended up just creating a VLAN without a routing instance and creating a new security zone on our firewall to tie the VLAN and routing instance to.  That's how we use an extra layer to keep it segregated... 

Thanks Richard, that's worth keeping in mind if our 4402 pegs out.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: