Source address for LWAPP

Answered Question
Apr 30th, 2010

Hi


I am going to deploy a wireless network that will include a guest anchor controller in a DMZ. I am trying to draw up a list of the firewall rules I will need for this to give to the firewall admin to implement. The question is: what is the source of the LWAPP tunnel for guest access? Is it the APs, or is it the controllers on the corporate network that the APs have registered to? I guess what I am saying is, with mobility groups with a guest anchor on a DMZ, is there a single tunnel for guest access direct from the AP to the guest anchor, or are there two, one from the AP to the controller and then another from that controller to the guest anchor controller?


Thanks


Pat

Patrick Colbeck Fri, 04/30/2010 - 05:18

Just found the answer to my own question. The tunnel is WLC to Guest Anchor. Good, this makes firewall rules easier.

Correct Answer
dancampb (Cisco Employee) Fri, 04/30/2010 - 06:19

When using mobility anchoring the mobility and EoIP packets are sent to/from the management interfaces of the controllers.


If you are looking at filtering traffic between the AP and the controller it's joined to, you would use the manager and ap-manager interface. The AP needs to talk to the management interface to join. After it's joined, the AP talks to the ap-manager interface.
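A rule-list check built on the two answers above, as an added example that is not part of the original thread: it derives the minimum firewall rules for the WLC-to-anchor tunnel and flags proposed rules that open the anchor to anything other than a controller management address. The addresses, function names and rule tuple format are assumptions; UDP 16666 and IP protocol 97 are the values Cisco documents for WLC mobility and EoIP and are not stated in the thread.

```python
import ipaddress

# Per the thread, the guest tunnel runs between controller management
# interfaces (foreign WLC <-> DMZ anchor), never from the APs themselves.
# Not in the thread: UDP 16666 (mobility), IP protocol 97 (EoIP, "ip-97" here).
MOBILITY_FLOWS = [("udp", 16666), ("ip-97", None)]

def required_rules(foreign_mgmt, anchor_mgmt):
    """Minimum permits, both directions, for each foreign WLC."""
    rules = []
    for wlc in foreign_mgmt:
        for proto, port in MOBILITY_FLOWS:
            rules.append((wlc, anchor_mgmt, proto, port))
            rules.append((anchor_mgmt, wlc, proto, port))
    return rules

def covers(rule, need):
    """True if a proposed (src, dst, proto, port) rule permits the needed flow."""
    src, dst, proto, port = rule
    n_src, n_dst, n_proto, n_port = need
    return (ipaddress.ip_address(n_src) in ipaddress.ip_network(src)
            and ipaddress.ip_address(n_dst) in ipaddress.ip_network(dst)
            and (proto, port) == (n_proto, n_port))

def audit(proposed, foreign_mgmt, anchor_mgmt):
    """Return (missing, unexpected) for a proposed rule list.
    missing: required tunnel rules that nothing in the list permits.
    unexpected: rules toward the anchor whose source is not exactly one
    controller management address, such as an AP subnet.
    """
    needed = required_rules(foreign_mgmt, anchor_mgmt)
    missing = [n for n in needed if not any(covers(r, n) for r in proposed)]
    wlcs = {ipaddress.ip_network(w) for w in foreign_mgmt}
    anchor = ipaddress.ip_address(anchor_mgmt)
    unexpected = [r for r in proposed
                  if anchor in ipaddress.ip_network(r[1])
                  and ipaddress.ip_network(r[0]) not in wlcs]
    return missing, unexpected

# Constructed sample: tunnel rules for the first WLC only, plus an AP subnet
# opened to the anchor. Addresses and rules are illustrative only.
FOREIGN_WLCS = ["10.10.10.5", "10.10.10.6"]
ANCHOR = "192.0.2.10"
PROPOSED = required_rules(["10.10.10.5"], ANCHOR) + [
    ("10.20.0.0/16", ANCHOR, "udp", 12223)]

if __name__ == "__main__":
    missing, unexpected = audit(PROPOSED, FOREIGN_WLCS, ANCHOR)
    print("missing:", missing)
    print("unexpected:", unexpected)
```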
