Re: Guest Traffic Segregation without using Anchor Controller

Puneet Gupta · ‎04-08-2013

Hi

I need help in calrifiing , is there any other option avaialble to segregate the guest traffic from CORP on internal WLC itself without using anchor controller ?

Scott Fella · ‎04-08-2013

Sure... You either use ACL's or you don't use LAG on the WLC and you have one port connect to your DMZ.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Puneet Gupta · ‎04-08-2013

Hi Scott

We have one cisco 4402 and one cisco 5508 WLC

Is it possible on both WLC ?

if yes , how can we achieve this ? i mean what will be configuration required on WLC?

Scott Fella · ‎04-08-2013

Well really can't tell you or else it would be a book. You either have use ACL's on your layer 3 to deny traffic from your guest subnet to your internal. Nothing has to change on the WLC. If you want to connect one port of the WLC to the DMZ, then disable LAG on the WLC and use port one as primary for the internal traffic which includes management and another port in the WLC as primary for the guest.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Puneet Gupta · ‎04-08-2013

Hi Scott, Ahmed

Thanks for the help

I meant , if you can provide me any cisco documnet which shows this type of implementaion .

But what happens when phyical media or one po`rt goes down ? I think , there will be no redundnacy either for CORP or GUEST users.

mscherting · ‎04-08-2013

If you have your own MPLS network:

Create a guest vrf.

Create a guest subnet & vlan in the guest vrf.

Trunk the guest vlan to the WLC.

Create a guest interface in the guest subnet on the WLC.

Assign guest SSID/WLAN to the guest interface.

Not really practical to set up just for guest wireless but it works and scales well.