Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1356
Views
0
Helpful
6
Replies

SSID Type for deporting user traffic from Intranet to DMZ

Go to solution
holzhirt1
Level 1
Level 1

‎03-11-2014 05:50 AM - edited ‎07-05-2021 12:23 AM

Hi,

We would like to use a pair of WLCs in the DMZ to have the traffic of a specific SSID directly deported to the DMZ.

This could look like as a Guest but in our case it would be more a BYOD deployment, allowing mobile devices to surf onto Internet but without having access to Intranet at all.

I found a lots of guide for deploying Cisco Guest access with anchors etc... but a lot are old, I did some researches for BYOD but all seems very general.

For i.e. http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch10GuAc.html

 

 

Mobiles devices will use 802.1x auth with certificates or PEAP, so no portal, webauth or sponsors in that context.

 

I try to post my question here :

On the DMZ WLC's I need to create the same SSID as we have in the Intranet, but SSID type should be normal (WLAN) or Guest LAN or Remote LAN ?

And if I'm correct I need to create on the DMZ WLCs a new interface that will be used for user data traffic, this would need to be set on the SSID as well ?

Thanks for your support,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ashish Chandra
Level 1
Level 1
In response to holzhirt1

‎03-11-2014 08:05 AM

The one which you want as anchor, on that controller if you click on create it will appear as local, for foreign controller Highlight the IP address of anchor from drop down and then click Mobility Anchor Create.

 

Considering DMZ as your anchor controller.

DMZ Controller : Local

Intranet  Controller : IP Address of DMZ Controller

 

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Ashish Chandra
Level 1
Level 1

‎03-11-2014 06:37 AM

Create a Normal WLAN and map it to DMZ Interface the one you created, that should take care of all your BYOD environment.

 

Thanks,

Ashish

0 Helpful

Go to solution
holzhirt1
Level 1
Level 1
In response to Ashish Chandra

‎03-11-2014 06:42 AM

Dear,

thanks for your prompt reply, but I believe that I need also to anchor the SSIDs on Intranet & DMZ via :

WLAN > SSID > Moblity Anchor no?

I would be glad if someone can tell how I need to anchor on Intranet WLC and idem for DMZ WLC :-)

thanks a milion

0 Helpful

Go to solution
Ashish Chandra
Level 1
Level 1
In response to holzhirt1

‎03-11-2014 07:29 AM

Go to the controller which you want as an anchor.

WLANs > Wlan Name > at the very right you will see a blue drop down arrow, just hover your mouse over it and select Mobility Anchors.

0 Helpful

Go to solution
holzhirt1
Level 1
Level 1
In response to Ashish Chandra

‎03-11-2014 07:33 AM

Thanks but this I know :-), what I would like to know is what I need to add on the DMZ WLCs and on the Intranet WLCs, sometimes I read only local, sometimes you need to add the other WLC it is not completely clear...

0 Helpful

Go to solution
Ashish Chandra
Level 1
Level 1
In response to holzhirt1

‎03-11-2014 08:05 AM

The one which you want as anchor, on that controller if you click on create it will appear as local, for foreign controller Highlight the IP address of anchor from drop down and then click Mobility Anchor Create.

 

Considering DMZ as your anchor controller.

DMZ Controller : Local

Intranet  Controller : IP Address of DMZ Controller

 

 

0 Helpful

Go to solution
holzhirt1
Level 1
Level 1

‎03-12-2014 07:23 AM

Dear,

 

Thanks for the informations provided

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card