Cisco Support Community

Guest Wireless and DNS

During our implementation of Guest Wireless (currently ongoing), we are trying to decide where to point to for DNS.

We have a 5508 WLC in our Internet DMZ and it acts as the Anchor WLC. This WLC is also used as the DHCP server for the Guest Wireless clients.

We are debating whether to point the clients internally to our primary DNS servers, or externally to the public service provider DNS servers. The only DNS servers in the DMZ are external forwarders.

From a network standpoint, I think either solution would work. But from a security standpoint, which is better? Or is there another option?

Can anyone recommend a standard or best practice design when it comes to DNS for Guest Wireless?

Thanks in advance!

Accepted Solutions

Re: Guest Wireless and DNS

Use an external DNS if possible. The only time I would use an internal is if I install a 3rd party certificate on the guest anchor to get rid of the certificate error page during a webauth and the client doesn't have an external DNS or the ISP will not add an A record to resolve the certificate CN name.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Re: Guest Wireless and DNS

If you are not playing around with third-party certificates for webauth, just point to external Internet servers. The only reason to use yours is if they would need access to internal resources, like a printer.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve

Please remember to rate useful posts, and mark questions as answered

Re: Guest Wireless and DNS

Thanks for the info - exactly what I needed. The guest access is not needed internally and I am not doing certificates. Therefore - external it is.
