Virtual WLAN Controller Guest Anchor

sslittle · ‎12-07-2012

We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.

We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.

I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and can anyone advise if thsi is a supprted deployment model.

Scott Fella · ‎12-07-2012

Well you can use the vWLC to anchor to a 5508, but not the other way around. So if you use the DMZ 5508 for OfficeExtend, you will not be able to anchor the traffic back to the inside. Cisco doesn't support reverse anchoring for a Remote-LAN in OfficeExtend and requires you to actually have the OfficeExtend AP's connect to an inside WLC. In v7.0.x you were able to do this reverse anchor, but it was removed on later codes.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

sslittle · ‎12-07-2012

Scott Fella,

Thanks for your reply and good news that Guests can be anchored back to the DMZS controller. We plan to terminate the office extend sessions on the DMZ controller. The remote OEAP users traffic will then have to traverse through the firewall to gain access to internal resources. It may be that we do not allow access to everything and we think this will be a secure model.