08-12-2023 08:12 AM
Hi everyone
I have a guest SSID anchored to a DMZ WLC, and everything is working fine with a customized guest solution. However, my client has security concerns regarding the guest traffic: that in case of any cyber attack, our local network might be exposed or face VLAN leaking. I am looking for any documentation to confirm that the IP tunneling is secured and isolated from our local DC network, the traffic flow from the client to AP to foreign controller to DMZ controller is isolated and secured.
Many thanks for support in advance.
08-12-2023 10:01 AM
- This is secure, as long as the guest WLAN/VLAN is isolated from the Intranet, as you are confirming.
M.
08-12-2023 10:08 AM
Hi marce
Really appreciate your feedback
The issue is that my client has a highly secured network with an air-gapped guest environment, and our CS team needs a Cisco documentation confirmation. Is there any document created by Cisco to explain the anchor tunnel concept and isolation, plus port mapping for firewall rules for the traffic between the DC zone and DMZ zone?
Thanks in advance.
08-12-2023 01:16 PM
Depending on the controller model you used (AireOS - traditional vs IOS-XE/9800 - modern), tunnel traffic port numbers may change. Otherwise the same concept is applicable for Guest Anchoring. You can refer to the following deployment guides & FAQ:
9800-Guest Anchoring
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213912-configure-mobility-anchor-on-catalyst-98.html
AireOS Guest Anchor config guide
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/configuring_auto_anchor_mobility.html
Guest Wi-Fi FAQ
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107458-wga-faq.html
HTH
Rasika
*** Pls rate all useful responses ***