Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

single 5508 traffic segregation options


In looking over some design guides, I noticed for a multi-WLC environment, one can use an anchor controller in the dmz to segregate guest traffic, so the WLC(s) on the client's internal network terminate tunnels and then sends EoIP traffic to the anchor in the dmz for the guest traffic.

For a single 5508, it appears there is no such option unless the multiple WLC ports could be used: some to terminate tunnels and then others to egress guest traffic out a different port connected to the dmz.

I suspect that is not possible. Wondering what is possible when constrained by a single 5508 for guest traffic segregation. Thanks.

Cisco Employee

single 5508 traffic segregation options

#whether it is one internal to one guest or multiple internal to one guest the physical connection is always same.

#only management interface of both internal & anchor needs to be talking physically irrespective of guest wlans getting tunnelled between that internal & anchor WLC, ofcoarse need a physical port configured for guest vlan at dmz.

#For WLC(internal) without dmz-wlc you need one physical port mapped to that guest vlan, either you can use ACL on WLC or at firewall.

CreatePlease to create content