Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Dedicated DMZ Controller vs Dedicated Port on Controller

Is a dedicated controller in DMZ really required for Guest Access?

I haven't found a wealth of justification for a dedicated controller in DMZ for a location which has only 3 APs.

What is the risk level of directly attaching a port on a 4400 controller to the DMZ and configuring the Guest wireless LAN to use that port?

What would be the benefit of a dedicated 4400 in the DMZ?

New Member

Re: Dedicated DMZ Controller vs Dedicated Port on Controller

The main purpose of the DMZ anchor controller is to eliminate human error security threats and physical interconnection between internal/external. Obviously, there is always the equation of cost vs performance vs security. You will find during a security audit, the auditor will ding you for having any physical interconnection between an internal network and external or DMZ network without a firewall in between. Even if it's a layer 2 connection, you'll get dinged. If you're counting on router ACL's, then you're left open to a fat-finger problem on the ACL. Either way, the DMZ anchor controller is the best way to ensure security but obviously is a costly solution for a 3 AP deployment. Less costly than a PCI audit failure, but costly.

CreatePlease to create content