Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Guest access

Hi guys I have a few simple questions regarding guest access

Firstly do I really need to use a seperate anchor controller can I not simply route the guest vlan to a dsl connection? I have used this before but need a bit of clarity as the guest anchor is costly and I need to justify this to the client.

If I have 10 branch office using HREAP I propose to use 2 2112 controllers as I can only use the first 8 SSIDs if I have seperate WLANS at each branch.

If I have a 2 2112s and dont use an anchor controller I propose to centrally manage the guest access from a WCS.

Im planning on using authentication lovcal switch local for the HREAP with guest access tunnelled back. Just getting a little complex and looking at cost justification.


Re: Guest access

So ideally, the anchor controller is used to ease the security. If you anchor all of your guests into a DMZ, then theoretically they are not "in" your network.

If you chose to not use an anchor controller, you could always dump that traffic into a "guest" vlan. As long as you have security in place to keep that guest vlan from touching your network devices, then I suppose that would be acceptable.

Again, the anchor controller would allow you to easily and securely dump your clients into a DMZ effectively preventing them from accessing your network. But this also assumes you have a DMZ properly secured....

I think it just depends on what level of security you're looking for. If you know you can secure a vlan within the network, then I personally don't see a problem with it. But I'm not a security person....

Hall of Fame Super Silver

Re: Guest access

Wesley is corret, you don't need a guest anchor, but is does simplifies things. Also Why would you use seperate ssid's for each branch office? Having the same ssid for internal users, guest users, etc keeps things simple. Plus users can go to another facility and don't have to chage his or her profile.

*** Please rate helpful posts ***
New Member

Re: Guest access

Thanks for the replies as usual great and sensible. I am pre-emting the customer requirements. I am going to suggest 2 SSID corporate and guest but you never know, plus it will almost certainly come down to cost as the client looks like they do things on a shoestring.

Many thanks