Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Wireless network in a flat LAN

Hi experts, I am tasked to setup a wireless LAN for the corporate users and guests in a corporate HQ and a VPN site connected to the HQ. The Corporate HQ has a multi VLAN environment and guest access is of no issue but the site office has only 1 flat VLAN. Is there any alternative to creating 2 different accesses for local users and guests in a flat VLAN or the only way is to have 2 VLANs in order to have corporate LAN and guest LAN? The wireless controller is located in the site office and the HQ has 2 thick APs.

I am going to create another VLAN in the HQ for guest anyway, so what types of configuration do i need to take note of if the site office has only a router (which is establishing the VPN link to the HQ) connected to a layer 2 switch for the local LAN?

Than you for your time reading this!

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Wireless network in a flat LAN

If you want you can serve site office with the subnet creating for Corporate & Guest users in HQ. As long as you register your site office AP to WLC in local mode or FlexConnect (Central Switching) all traffic come back to WLC. In this way you do not want to have seperate vlan for this in your remote site.

But if you concern about this traffic traverse VPN all the time (kind of inefficient for certain traffic flow) then you have to do local switching & need to have multiple vlan at your site office

HTH

Rasika

Hall of Fame Super Gold

Wireless network in a flat LAN

It looks like the better option is to create another VLAN for guest in both the HQ and the site office.

For the sake of security, creating a separate subnet for guests can ensure that corporate resources will remain private.

You can restrict what guests can/can't do when you separate the subnets.

5 REPLIES
VIP Purple

Wireless network in a flat LAN

If you want you can serve site office with the subnet creating for Corporate & Guest users in HQ. As long as you register your site office AP to WLC in local mode or FlexConnect (Central Switching) all traffic come back to WLC. In this way you do not want to have seperate vlan for this in your remote site.

But if you concern about this traffic traverse VPN all the time (kind of inefficient for certain traffic flow) then you have to do local switching & need to have multiple vlan at your site office

HTH

Rasika

New Member

Wireless network in a flat LAN

Hi Raskia,

thank you for your reply. It looks like the better option is to create another VLAN for guest in both the HQ and the site office. It is more manageable and it will be more clean to have a separate VLAN for that purpose.

Hall of Fame Super Gold

Wireless network in a flat LAN

It looks like the better option is to create another VLAN for guest in both the HQ and the site office.

For the sake of security, creating a separate subnet for guests can ensure that corporate resources will remain private.

You can restrict what guests can/can't do when you separate the subnets.

Hall of Fame Super Gold

Wireless network in a flat LAN

Thanks for the ratings, Marcus.

Wireless network in a flat LAN

The authentication mechanism used to authenticate a client can be defined as Central or Local.

Central Authentication—Refers to the authentication type that involves the process of the WLC from the remote site.

Local Authentication—Refers to the authentication types that do not involve any processing from the WLC for authentication

323
Views
0
Helpful
5
Replies
CreatePlease to create content