Guest access

Unanswered Question

Hi guys I have a few simple questions regarding guest access

Firstly do I really need to use a seperate anchor controller can I not simply route the guest vlan to a dsl connection? I have used this before but need a bit of clarity as the guest anchor is costly and I need to justify this to the client.

If I have 10 branch office using HREAP I propose to use 2 2112 controllers as I can only use the first 8 SSIDs if I have seperate WLANS at each branch.

If I have a 2 2112s and dont use an anchor controller I propose to centrally manage the guest access from a WCS.

Im planning on using authentication lovcal switch local for the HREAP with guest access tunnelled back. Just getting a little complex and looking at cost justification.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wesleyterry Tue, 01/20/2009 - 17:33

So ideally, the anchor controller is used to ease the security. If you anchor all of your guests into a DMZ, then theoretically they are not "in" your network.

If you chose to not use an anchor controller, you could always dump that traffic into a "guest" vlan. As long as you have security in place to keep that guest vlan from touching your network devices, then I suppose that would be acceptable.

Again, the anchor controller would allow you to easily and securely dump your clients into a DMZ effectively preventing them from accessing your network. But this also assumes you have a DMZ properly secured....

I think it just depends on what level of security you're looking for. If you know you can secure a vlan within the network, then I personally don't see a problem with it. But I'm not a security person....

Scott Fella Tue, 01/20/2009 - 20:40

Wesley is corret, you don't need a guest anchor, but is does simplifies things. Also Why would you use seperate ssid's for each branch office? Having the same ssid for internal users, guest users, etc keeps things simple. Plus users can go to another facility and don't have to chage his or her profile.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode