12-07-2012 01:26 AM - edited 07-03-2021 11:11 PM
We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.
I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and can anyone advise if thsi is a supprted deployment model.
12-07-2012 05:26 AM
Well you can use the vWLC to anchor to a 5508, but not the other way around. So if you use the DMZ 5508 for OfficeExtend, you will not be able to anchor the traffic back to the inside. Cisco doesn't support reverse anchoring for a Remote-LAN in OfficeExtend and requires you to actually have the OfficeExtend AP's connect to an inside WLC. In v7.0.x you were able to do this reverse anchor, but it was removed on later codes.
Sent from Cisco Technical Support iPhone App
12-07-2012 10:45 AM
Scott Fella,
Thanks for your reply and good news that Guests can be anchored back to the DMZS controller. We plan to terminate the office extend sessions on the DMZ controller. The remote OEAP users traffic will then have to traverse through the firewall to gain access to internal resources. It may be that we do not allow access to everything and we think this will be a secure model.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide