Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Guest Mobility Anchor - DMZ VLAN Config help

Hi All,


I am creating a Mobility Anchor setup for Guest network across campus.


We have a Core 6513 switch with FWM module in it. We also have total of 4 WiSM1 blades (8 controllers) managing around 450 Access Points.

We recently purchase a Cisco 5508 controller with 12 AP licenses and I want to use it in the DMZ for anchoring guest traffic.


We currently have a DMZ setup for DNS and mail servers. Can I use the same DMZ VLAN for 5508 Controller? I know that I've to allow specific ports on FWM to make sure Anchor and foreign controllers establish EoIP tunnel.


Or, is it better to create separate DMZ vlan for 5508?


I'm not good at Firewall/ACLs. Can someone share the configuration as how to create DMZ VLAN on Core, define Default route from Core to FWM allow interfaces on FWM for security level.