09-11-2013 06:50 AM - edited 07-04-2021 12:48 AM
Hi experts, I am tasked to set up a wireless LAN for the corporate users and guests in a corporate HQ and a VPN site connected to the HQ. The corporate HQ has a multi-VLAN environment and guest access is of no issue, but the site office has only 1 flat VLAN. Is there any alternative to creating 2 different accesses for local users and guests in a flat VLAN, or is the only way to have 2 VLANs in order to have a corporate LAN and a guest LAN? The wireless controller is located in the site office and the HQ has 2 thick APs.
I am going to create another VLAN in the HQ for guests anyway, so what types of configuration do I need to take note of if the site office has only a router (which is establishing the VPN link to the HQ) connected to a layer 2 switch for the local LAN?
Thank you for your time reading this!
09-11-2013 12:42 PM
If you want, you can serve the site office with the subnet created for Corporate & Guest users in HQ. As long as you register your site office AP to the WLC in local mode or FlexConnect (Central Switching), all traffic comes back to the WLC. In this way you do not want to have a separate VLAN for this in your remote site.
But if you are concerned about this traffic traversing the VPN all the time (kind of inefficient for certain traffic flows), then you have to do local switching and need to have multiple VLANs at your site office.
HTH
Rasika
09-11-2013 06:29 PM
Hi Rasika,
Thank you for your reply. It looks like the better option is to create another VLAN for guests in both the HQ and the site office. It is more manageable and it will be cleaner to have a separate VLAN for that purpose.
09-11-2013 06:35 PM
It looks like the better option is to create another VLAN for guest in both the HQ and the site office.
For the sake of security, creating a separate subnet for guests can ensure that corporate resources will remain private.
You can restrict what guests can/can't do when you separate the subnets.
09-11-2013 10:16 PM
Thanks for the ratings, Marcus.
09-11-2013 03:28 PM
The authentication mechanism used to authenticate a client can be defined as Central or Local.
Central Authentication—Refers to the authentication type that involves the process of the WLC from the remote site.
Local Authentication—Refers to the authentication types that do not involve any processing from the WLC for authentication.