10-16-2021 04:33 AM
Hi,
I'd like to ask a design-related question regarding the general positioning of a Wireless LAN Controller and an ISE NAC appliance in a network!
Would it be necessary/useful to secure the Wireless LAN Controller and/or the ISE, respectively, from the rest of the network through a firewall, in which case all AP-relevant management and communication traffic and also all authentication requests to the ISE would have to go through the firewall before reaching both of them?
How do you basically handle that kind of design, or does anybody know if there are official design guides publicly available with a recommendation or suggestion?
Thanks in advance for every kind of help!
10-16-2021 04:44 AM
It all depends on what job the WLC does: is this for Guest Anchoring or corporate Wi-Fi?
I have attached a good CVD; it is an old one but still valid and good for most conditions (until you are looking to deploy DNAC or SD-Access, which is a different case).
10-17-2021 01:35 AM
What do you mean by Guest Anchoring?
In the first instance there is only WLAN access for guests planned, using SMS for authentication! But in the future it could be possible that corporate devices will also use WLAN and 802.1X, for example.
10-17-2021 04:53 AM
10-16-2021 07:13 AM
10-17-2021 01:41 AM
Let's assume that both of the components are located in the HQ or DC - I think it wouldn't matter... The question is, would it make sense or be useful if I put the APs in a different VLAN/IP subnet than the WLC and ISE and carry the management traffic like CAPWAP through a firewall to the controller (no local breakout or FlexConnect), and also route the authentication traffic from the WLC to ISE through this firewall as well? In that case the WLC and ISE would have to be in different VLANs/IP subnets as well.
Or is it best practice to put the WLC and ISE in the same VLAN/IP subnet, without any security from a firewall in between?
10-17-2021 02:41 AM