
Tell Me Why I Need A Guest Anchor Controller


Postby Guest » Fri Jan 07, 2011 12:43 pm

Please enlighten me as to why I need a guest anchor controller?

I keep asking myself, what's the point?

If I configure a VLAN interface with an ACL that allows outbound traffic only, let the controller handle DHCP and use Google's public DNS, it is much simpler for me. I get the content filtering already on my network (Websense), the guests are given firewall protection, all while being restricted from accessing internal network resources.

Is there something here that I am missing?

Thanks,

Phill

Guest
 


Re:Tell Me Why I Need A Guest Anchor Controller

Postby Guest » Fri Jan 07, 2011 12:44 pm

Hi,

Most of the time this is for security. The anchor will be placed in the DMZ and there won't be any APs registered to it. The guest users' access will go directly to the internet, whereas the internal users will be secured, so the guest cannot come to know about the internal info at all. This is one of the advantages.

Lemme know if this was helpful.

Regards
Surendra
====
Please don't forget to rate the posts which answered your question and mark it as answered or helpful.

Guest
 

Re:Tell Me Why I Need A Guest Anchor Controller

Postby Guest » Fri Jan 07, 2011 12:47 pm

You are not missing too much. You could configure the guest vlan with ACLs to only have access to internet through the firewall and restrict access to your internal network like this.

However, in big topologies, this might not always be that easy, so people can prefer to have one guest controller in the DMZ and all the other controllers using it to tunnel traffic.

 

Nicolas

Guest
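
Added example, not part of any post in this thread: a Python check of the internal-VLAN-plus-ACL approach discussed above. It evaluates an IOS-style ACL with first-match semantics against probe flows and shows how a misplaced broad permit exposes internal ranges. The guest subnet 10.99.0.0/24, the ACL lines and the probe addresses are constructed assumptions; DHCP is assumed to be answered by the controller and is not modelled.

```python
import ipaddress

# Constructed sample: IOS-style extended ACL for an assumed guest subnet
# 10.99.0.0/24; 8.8.8.8 is the Google public DNS mentioned in the thread.
GUEST_ACL = """\
permit udp 10.99.0.0 0.0.0.255 host 8.8.8.8 eq 53
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip 10.99.0.0 0.0.0.255 any
"""
# Same lines with the broad permit moved to the top: an ordering mistake.
MISORDERED_ACL = "permit ip 10.99.0.0 0.0.0.255 any\n" + GUEST_ACL

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tok."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")  # wildcard as hostmask

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = parse_addr(tok), parse_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action
    return "deny"

# Constructed probe flows from one guest client: (proto, dst, dport, expected).
PROBES = [("udp", "8.8.8.8", 53, "permit"), ("tcp", "198.51.100.7", 443, "permit"),
          ("tcp", "10.1.1.10", 445, "deny"), ("tcp", "172.16.5.5", 22, "deny"),
          ("tcp", "192.168.1.1", 80, "deny")]

def audit(acl_text, guest="10.99.0.50"):
    """Return the probes whose verdict differs from the intended guest policy."""
    rules = parse_acl(acl_text)
    return [p for p in PROBES if evaluate(rules, p[0], guest, p[1], p[2]) != p[3]]
```

`audit(GUEST_ACL)` returns an empty list, while `audit(MISORDERED_ACL)` returns the three internal-destination probes that the early permit lets through.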
 

Re:Tell Me Why I Need A Guest Anchor Controller

Postby Guest » Fri Jan 07, 2011 2:19 pm

Thanks for the responses. I do not manage the largest wireless network...I only expect it to grow to about 200 APs. I have a great demand for guest wireless access, but I expect it to be limited to less than, say 20 users at any single time organization wide.

 

I do take advantage of the anchoring feature...I use it to tunnel the wireless networks of other agencies through the wireless network that I manage. For the most part, it works great. However, for my organization, one centrally switched guest WLAN would work just fine.

 

Another approach to guest access that I can think of (without using an internal VLAN with an ACL or an anchor controller) would be to create another DMZ interface on the firewall and cable it over to either a separate interface on the wireless controller or cable it directly to an unrouted VLAN allowed to reach my controllers.

 

I am running dual 5508 controllers in a failover configuration. I use only two ports on each controller in LAG mode. If I recall, since I have chosen to use LAG, I can use the other ports separately? Am I correct?

 

I am beginning to believe that a DMZ approach may not be the most beneficial for my organization as getting the content filtering mechanism to work may be a challenge...however, it would bring the guest traffic outside the interior network.

 

At this point, I am leaning towards an internal VLAN with a properly configured ACL and the use of an outside public DNS server.

Would this be a sound approach to what I am trying to accomplish?

 

Thanks,

 

Phill

Guest
 

Re:Tell Me Why I Need A Guest Anchor Controller

Postby Guest » Fri Jan 07, 2011 3:34 pm

You're all correct and your way of doing is not bad at all :-)

 

Nicolas

Guest
 


