New Member

Source address for LWAPP

Hi

I am going to deploy a wireless network that will include a Guest anchor controller in a DMZ. I am trying to draw up a list of firewall rules I will need for this to give the firewall admin to implement. The question is: what is the source of the LWAPP tunnel for guest access? Is it the APs, or is it the controllers on the corporate network that the APs have registered to? I guess what I am saying is, with mobility groups with a guest anchor on a DMZ, is there a single tunnel for guest access direct from the AP to the guest anchor, or are there two, one from the AP to the controller, then another from that controller to the guest anchor controller?

Thanks

Pat

1 ACCEPTED SOLUTION

Gold

Re: Source address for LWAPP

When using mobility anchoring the mobility and EoIP packets are sent to/from the management interfaces of the controllers.

If you are looking at filtering traffic between the AP and the controller it's joined to, you would use the manager and ap-manager interface. The AP needs to talk to the management interface to join. After it's joined, the AP talks to the ap-manager interface.

2 REPLIES
New Member

Re: Source address for LWAPP

Just found the answer to my own question. The tunnel is WLC to Guest Anchor. Good, this makes firewall rules easier.
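The controller-to-controller flows described in this thread, written out as a firewall rule sketch. This is an added example, not something posted by either participant. It assumes Cisco IOS extended ACL syntax, constructed addresses, and the legacy mobility defaults (UDP 16666 for mobility messaging, IP protocol 97 for EoIP); confirm the ports against the controller release in use.

```text
! Constructed addresses (assumptions, replace with your own):
!   10.10.10.5  = management interface of the corporate (foreign) WLC
!   192.0.2.10  = management interface of the guest anchor WLC in the DMZ
!
! Inside -> DMZ: only the corporate WLC management address is a source.
! No AP subnets appear, because the APs terminate LWAPP on their own
! controller and never talk to the anchor directly.
ip access-list extended CORP-WLC-TO-ANCHOR
 remark Inter-controller mobility messaging
 permit udp host 10.10.10.5 host 192.0.2.10 eq 16666
 remark EoIP tunnel carrying guest client traffic (IP protocol 97)
 permit 97 host 10.10.10.5 host 192.0.2.10
 remark Log anything else aimed at the DMZ so stray flows are visible
 deny ip any any log
!
! DMZ -> inside: mirror of the above, anchor management address only.
ip access-list extended ANCHOR-TO-CORP-WLC
 remark Inter-controller mobility messaging
 permit udp host 192.0.2.10 host 10.10.10.5 eq 16666
 remark EoIP tunnel return path (IP protocol 97)
 permit 97 host 192.0.2.10 host 10.10.10.5
 remark The anchor gets no other path back into the corporate network
 deny ip any any log
```

With more than one corporate controller anchoring to the DMZ, repeat the two permit lines per controller management address rather than widening the source to a subnet.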
