Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1244
Views
0
Helpful
1
Replies

Guest Access With Umbrella

Juliano Luz
Level 1
Level 1

‎03-09-2018 06:24 AM - edited ‎07-05-2021 08:21 AM

I need some clarification on configuring web filtering using Umbrella on Guest Network. I read a document with configurations on Umbrella, WLC, and ISE. But I'm not sure what configurations are applied on foreign controller and what configuration are applied to anchor WLC. Can someone point me to some guide showing how to configure foreign and anchor?

 

 

Labels:
0 Helpful
1 Reply 1

Flavio Miranda
VIP
VIP

‎03-09-2018 07:19 AM

@Juliano Luz

 

Aside from the Umbrella, which is a new Cisco service for security on the Cloud based on the OpenDNS, the Guest/Anchor is simple to configure. 

 The idea of Guest  anchoring uses an old resource of Cisco WLC that´s permit you to tunnel Clients traffic from one WLC to another in order to simplify network challenges. By tunneling client traffic, it is possible for a client move on the network without changing  its IP address,thus, keeping NAT session and consequently the Internet connection.

 For Guest the idea is a bit different. Here the idea is collect Guest traffic on the corp network, thus, simplifying the layer 1 and 2 by using the same infrastructure for Guest and Corp, saving money as well, and send the traffic to a DMZ where client traffic can be treated accordingly.

 It is a good idea to have on the DMZ a Guest DHCP and a Guest DNS as well, however, you can use this services from the corp network, as long as, you play by the rules with security.

 In terms of configuration, you need to create a mobility tunnel between Foreign (Corp) and Anchor (Guest) WLC. You need to create the Guest SSID on both WLC and make sure to have the very same parameters configuration on both SSIDs. On the SSID, right hand side, there´s a small up-side-down white triangle inside a blue square, you can configure the SSID for anchoring.

 An important detail is that the Anchor WLC needs to terminate the tunnel so that the WLC knows that it is the anchor WLC.

Take a look on this guide:

https://mrncciew.com/2013/03/22/auto-anchor-mobility/

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card