Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

single 5508 traffic segregation options

Unanswered Question
Jul 3rd, 2012
User Badges:
  • Bronze, 100 points or more


In looking over some design guides, I noticed for a multi-WLC environment, one can use an anchor controller in the dmz to segregate guest traffic, so the WLC(s) on the client's internal network terminate tunnels and then sends EoIP traffic to the anchor in the dmz for the guest traffic.

For a single 5508, it appears there is no such option unless the multiple WLC ports could be used: some to terminate tunnels and then others to egress guest traffic out a different port connected to the dmz.

I suspect that is not possible. Wondering what is possible when constrained by a single 5508 for guest traffic segregation. Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Saravanan Lakshmanan Tue, 07/03/2012 - 14:56
User Badges:
  • Cisco Employee,

#whether it is one internal to one guest or multiple internal to one guest the physical connection is always same.

#only management interface of both internal & anchor needs to be talking physically irrespective of guest wlans getting tunnelled between that internal & anchor WLC, ofcoarse need a physical port configured for guest vlan at dmz.

#For WLC(internal) without dmz-wlc you need one physical port mapped to that guest vlan, either you can use ACL on WLC or at firewall.


This Discussion

Related Content