Guest access to the Internet with Guest Anchor Controller
We are doing our initial implementation of an enterprise wireless system. I deployed a WLC 5508 connected to our data center core switch using LAG. The 5508 is configured in FlexConnect mode since it is serving APs deployed to a handful of remote offices. Employee wireless access has been rolled out and is working well.
I am designing guest access. As is typical, I want to enforce a policy that guest wireless traffic is forwarded to the Internet Edge in our DMZ and directed out to the Internet. We do not plan to deploy a Guest Anchor controller in the first phase of the roll out.
What is the best way to enforce forwarding of guest traffic towards the Internet Edge once the guest traffic arrives at the 5508? A guest VLAN between the core switch and the Internet Edge isn't feasible since there is a firewall between the core and DMZ that is configured in Routed mode.