Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

SSID Type for deporting user traffic from Intranet to DMZ

Hi,

We would like to use a pair of WLCs in the DMZ to have the traffic of a specific SSID directly deported to the DMZ.

This could look like as a Guest but in our case it would be more a BYOD deployment, allowing mobile devices to surf onto Internet but without having access to Intranet at all.

I found a lots of guide for deploying Cisco Guest access with anchors etc... but a lot are old, I did some researches for BYOD but all seems very general.

For i.e. http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch10GuAc.html

 

 

Mobiles devices will use 802.1x auth with certificates or PEAP, so no portal, webauth or sponsors in that context.

 

I try to post my question here :

On the DMZ WLC's I need to create the same SSID as we have in the Intranet, but SSID type should be normal (WLAN) or Guest LAN or Remote LAN ?

And if I'm correct I need to create on the DMZ WLCs a new interface that will be used for user data traffic, this would need to be set on the SSID as well ?

Thanks for your support,

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

The one which you want as

The one which you want as anchor, on that controller if you click on create it will appear as local, for foreign controller Highlight the IP address of anchor from drop down and then click Mobility Anchor Create.

 

Considering DMZ as your anchor controller.

DMZ Controller : Local

Intranet  Controller : IP Address of DMZ Controller

 

 

6 REPLIES
New Member

Create a Normal WLAN and map

Create a Normal WLAN and map it to DMZ Interface the one you created, that should take care of all your BYOD environment.

 

Thanks,

Ashish

New Member

Dear,thanks for your prompt

Dear,

thanks for your prompt reply, but I believe that I need also to anchor the SSIDs on Intranet & DMZ via :

WLAN > SSID > Moblity Anchor no?

I would be glad if someone can tell how I need to anchor on Intranet WLC and idem for DMZ WLC :-)

thanks a milion

New Member

Go to the controller which

Go to the controller which you want as an anchor.

WLANs > Wlan Name > at the very right you will see a blue drop down arrow, just hover your mouse over it and select Mobility Anchors.

New Member

Thanks but this I know :-),

Thanks but this I know :-), what I would like to know is what I need to add on the DMZ WLCs and on the Intranet WLCs, sometimes I read only local, sometimes you need to add the other WLC it is not completely clear...

New Member

The one which you want as

The one which you want as anchor, on that controller if you click on create it will appear as local, for foreign controller Highlight the IP address of anchor from drop down and then click Mobility Anchor Create.

 

Considering DMZ as your anchor controller.

DMZ Controller : Local

Intranet  Controller : IP Address of DMZ Controller

 

 

New Member

Dear, Thanks for the

Dear,

 

Thanks for the informations provided

225
Views
0
Helpful
6
Replies
CreatePlease to create content