Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Securely connecting a guest network

As a large teaching hospital we have been approached by our partner university to allow their staff and students the use of our wireless infrastructure to access the university network, they ideally want to use their wireless setting (wpa2 enterprise) and their ssid to allow people to move between campuses without reconfiguring.

due to data protection rules and large amounts of complexity we can not allow our controllers and network to see the universities network and radius servers. what the plan would be would be to use the guest ssid and a anchor controller on the other side of a firewall and tunnel their traffic through the network and out.

the 2 main questions are:

Is it possible to have a guest ssid with wpa security associated with it, is this done on the anchor controller?

the second but not critical question is that they map their users to 1 of 4 vlans based on their group on their radius server is this still possible?

any other information needed please ask,

Thanks in advance,


New Member

Re: Securely connecting a guest network

Hi Adam,

Yeah, I reckon if you use guest tunneling then the controllers wouldn't be in contact with the Uni's infrastructure. This would negate the possibility of somehow getting the Uni's Radius to tell your controllers what VLAN to connect the guest clients to.

I reckon you should configure the ssid security on the foreign controller(s) as they'll be delivering the WLAN association.

Hope this is helpful


New Member

Re: Securely connecting a guest network

Hi Adam, i face now exactly the same Challenge with the same constellation, using DMZ Controllers and WPA Enterprise with Radius for the tunneled SSIDs. Do you have a working Constellation? Did you face any problems?

Regards, Michael