12-08-2013 02:41 AM - edited 07-04-2021 01:23 AM
I'm trying to find solid reasons why the recommended approach for a guestnet environment using anchor controllers in the DMZ is more secure than a local wireless guestnet running on its own local separate VLANs.
Other than ease of management and removing local guestnet traffic from the network via an EoIP tunnel out to the DMZ, what are some of the better points for this change? What are the security risks of local guestnet traffic?
Thanks
12-08-2013 06:40 AM
You've really hit the nail on the head already.
Basically it's about pushing the untrusted traffic out to the DMZ where they have to traverse the firewall to get to anything inside.
Steve
Sent from Cisco Technical Support iPhone App
12-08-2013 07:48 AM
What you outlined are the main reasons. Personally, it's a personal decision. The security upsell is that the guest traffic never touches your switch fabric until the DMZ. Either solution is fine. If you do get hit with an audit and the auditor is well versed with guest services, he could recommend the anchor in the report.
Sent from Cisco Technical Support iPhone App
12-08-2013 08:53 AM
Thanks guys!
I was thinking using anchor controllers in the DMZ allows for easier managing, troubleshooting, upgrading and gives the ability to implement the ISE infrastructure.
A route we may definitely use, and we want to make sure we are in the best position to take advantage.