Wireless Controller supporting both Guest VLAN and Corporate VLAN

jbdeck1956
Level 1

I have an issue supporting both a Guest VLAN and Corporate VLAN from one Controller. We have members of our security staff who discuss the weakness of the VLAN approach residing internally within the Corporate network prior to going out the Firewall as a Guest VLAN. But when you put it in a DMZ they see weaknesses in allowing VLANs transferring through the Firewall. They are also very concerned that if a mistake is made on the controller for the Guest VLAN then this would compromise all Corporate Traffic within the Corporate Network...

The only recourse that makes everyone happy is to purchase two controllers, one physically located in the dirty net and the other physically located in the corporate net, with a completely different set of WAPs. Due to the cost and support this will soon become a nightmare. Has anyone been faced with this problem in their corporate network? Would appreciate any help...


diro
Level 1

The trick is to use an anchor controller. That is, one controller in the intranet and one controller in the DMZ.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns279/c649/ccmigration_09186a00808118de.pdf

Take a look at: Cisco Unified Wireless Guest Access Services

bporter78
Level 1

Get yourself the lightweight access points and a wireless LAN controller. This will then allow central management and setup of all your access points, allowing setup of a corporate VLAN which can do certificate-based authentication for all your corporate devices, and a guest VLAN for which you can have a 128-bit key you give out to those that require guest access.

It also allows you to monitor connectivity across your wireless LAN, and identify rogue access points and Wi-Fi client attacks etc.

If you add in the locator appliance too then you can actually track either real-time or one device at a time (depending on the licence), to enable you to locate where all wireless clients are, which can help track down wireless devices and clients attempting to hack into your network.
