Cisco Support Community

New Member

Wireless Controller supporting both Guest VLAN and Corporate VLAN

I have an issue supporting both a Guest VLAN and Corporate VLAN from one Controller. We have members of our security staff that discuss the weakness of the VLAN approach to reside internally within the Corporate network prior to going out the Firewall as a Guest VLAN. But when you put it in a DMZ they see weaknesses to allowing VLANs transferring through the Firewall. They are also very concerned that if a mistake is made on the controller for the Guest VLAN then this would compromise all Corporate Traffic within the Corporate Network...

The only recourse that makes everyone happy is to purchase two controllers, one physically located in the dirty net and the other physically located in the corporate net, with a completely different set of WAPs. Due to the cost and support this will soon become a nightmare. Has anyone been faced with this problem in their corporate network? Would appreciate any help...


Re: Wireless Controller supporting both Guest VLAN and Corporate

The trick is to use an anchor controller. That is, one controller in the intranet, one controller in the DMZ.

Take a look at: Cisco Unified Wireless Guest Access Services

New Member

Re: Wireless Controller supporting both Guest VLAN and Corporate

Get yourself the lightweight access points and a wireless LAN controller. This will then allow central management and setup of all your access points, allowing setup of a corporate VLAN which can do certificate-based authentication for all your corporate devices, and a guest VLAN which you can have a 128-bit key you give out to those that require guest access.

It also allows you to monitor connectivity across your wireless LAN, and identify rogue access points, Wi-Fi client attacks, etc.

If you add in the locator appliance too then you can actually track either real-time or one device at a time (depending on the licence), to enable you to locate where all wireless clients are, which can help track down wireless devices and clients attempting to hack into your network.