Im trying to find solid reasons why the recommended approach for a guestnet evironment using anchor controllers in DMZ is more secured then local wireless guesnet running on its on local seperate vlans.
Other than ease of management and removing local guestent traffic from network via EOIP tunnel out to dmz. Whats are some of the better points for this change? Whats the security risks of local guestnet traffic?
Re: Wireless Guestnet DMZ vs local guestnet traffic
What you outlined is the main reasons. Personally it's a personal decision. Security upsell is the guest traffic never touches your switch fabric until the DMz. Either solution is fine. If you do get hit with an audit and the auditor is well versed with guest services he could recommend the anchor in the report.
Sent from Cisco Technical Support iPhone App
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin