Dedicated DMZ Controller vs Dedicated Port on Controller

Unanswered Question
Oct 17th, 2007

Is a dedicated controller in DMZ really required for Guest Access?

I haven't found a wealth of justification for a dedicated controller in DMZ for a location which has only 3 APs.

What is the risk level of directly attaching a port on a 4400 controller to the DMZ and configuring the Guest wireless LAN to use that port?

What would be the benefit of a dedicated 4400 in the DMZ?

srahn Thu, 10/18/2007 - 04:30

The main purpose of the DMZ anchor controller is to eliminate human error security threats and physical interconnection between internal/external. Obviously, there is always the equation of cost vs performance vs security. You will find during a security audit, the auditor will ding you for having any physical interconnection between an internal network and external or DMZ network without a firewall in between. Even if it's a layer 2 connection, you'll get dinged. If you're counting on router ACLs, then you're left open to a fat-finger problem on the ACL. Either way, the DMZ anchor controller is the best way to ensure security but obviously is a costly solution for a 3 AP deployment. Less costly than a PCI audit failure, but costly.

