Guest access

Unanswered Question

Hi guys I have a few simple questions regarding guest access

Firstly do I really need to use a seperate anchor controller can I not simply route the guest vlan to a dsl connection? I have used this before but need a bit of clarity as the guest anchor is costly and I need to justify this to the client.

If I have 10 branch office using HREAP I propose to use 2 2112 controllers as I can only use the first 8 SSIDs if I have seperate WLANS at each branch.

If I have a 2 2112s and dont use an anchor controller I propose to centrally manage the guest access from a WCS.

Im planning on using authentication lovcal switch local for the HREAP with guest access tunnelled back. Just getting a little complex and looking at cost justification.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
wesleyterry Tue, 01/20/2009 - 17:33
User Badges:
  • Bronze, 100 points or more

So ideally, the anchor controller is used to ease the security. If you anchor all of your guests into a DMZ, then theoretically they are not "in" your network.

If you chose to not use an anchor controller, you could always dump that traffic into a "guest" vlan. As long as you have security in place to keep that guest vlan from touching your network devices, then I suppose that would be acceptable.

Again, the anchor controller would allow you to easily and securely dump your clients into a DMZ effectively preventing them from accessing your network. But this also assumes you have a DMZ properly secured....

I think it just depends on what level of security you're looking for. If you know you can secure a vlan within the network, then I personally don't see a problem with it. But I'm not a security person....

Scott Fella Tue, 01/20/2009 - 20:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Wesley is corret, you don't need a guest anchor, but is does simplifies things. Also Why would you use seperate ssid's for each branch office? Having the same ssid for internal users, guest users, etc keeps things simple. Plus users can go to another facility and don't have to chage his or her profile.

Thanks for the replies as usual great and sensible. I am pre-emting the customer requirements. I am going to suggest 2 SSID corporate and guest but you never know, plus it will almost certainly come down to cost as the client looks like they do things on a shoestring.

Many thanks


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode