cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
637
Views
0
Helpful
1
Replies

guest wireless solution

Subash Sharma
Level 1
Level 1

Hi All,

 

I am working on a guest and corporate solution for wireless and have followed the guest access solution from Cisco. But, i am having some doubts regarding the data traffic path. Attached is my high level design. red line indicates guest traffic.

1. The guest anchor is outside the firewall. does it means that my guest users authenticating with the AP(using WPA2) seems to appear from the guest anchor wlc? i.e if i block the guest vlan that i have created in guest anchor wlc in the firewall, does it block all access to internal network?

2. since this is converged access, the 3850 MA will create mobility tunnels to the MC which is inside the firewall and then another mobility tunnel to the guest anchor. does that means that guest traffic will travel all the way from AP ---> 3850 ----> MC ----> guest anchor? if yes, then how can i confidently say that guest traffic is not talking to my internal network? the privacy to guest network is provided by capwap encryption?

3. if the guest traffic is encrypted up to guest anchor, what ports needs to be opened in the firewall for MC ---> guest anchor wlc communication?

4. how secure is this capwap encryption? what protocols does it use?

 

appreciate if you could shed lights on to the above doubts.

 

regards,

dathan

1 Reply 1

Subash Sharma
Level 1
Level 1

Hi All,

 

Any advice to the above queries will be largely appreciated.

 

regards,

dathan

Review Cisco Networking for a $25 gift card