cancel
Showing results for 
Search instead for 
Did you mean: 

Is a WLAN guest anchor solution with additional wlan controller in DMZ possible??? (Competitor = Cisco!!!)

Is a WLAN guest anchor solution with additional wlan controller in DMZ possible??? (Competitor = Cisco!!!)

Christian_Zottl
New Contributor
Customer needs: Virtualize Management and AC (formerly netsight and nac) and WLAN.
A must have: guest traffic must not break out in the virtual "management" environment where Netsight, NAC and WLAN resides (should reside in future).
The "bridge building" competitor (cisco) solves this with a so called "guest anchor" in the dmz which is an additional wlan-controller.
-> The guest SSID is more or less bridged at "guest anchor" controller in DMZ.
L2 security -> A separate VLAN from "virtual management environment" to DMZ is (as far as I know) no option for the customer.
From the technical point of view I do have a different opinion - however
Does anybody have an idea how to resolve this requirement?
Maybe within a special mobility setting?
Many Thanks in advance
Regards
Christian Zottl
(Axians)
12 REPLIES 12

StephanH
Valued Contributor III
Hello,

now I have a running anchor solution with EWCs and it works fine.

The setup is quite easy. For example if you have one wireless Controller in the DMZ and one in the productive LAN (if you have two on both places enable availability and sync for the the same result) you have do to the following steps:

    Bring your Controllers in one mobility Group Create a complete VNS (as usual) on the Anchor-Controller in the DMZ with a B@EWC or routed topology. In the Advanced Options on the WLAN Service select "Remotable" Now you create a WLAN Service (not a hole VNS!) on the Controller in the productive LAN. For this, select "Remote" as Service Type and select the SSID created on the Anchor (automatically created by the mobility feature) . Create a Virtual Network for the new WLAN Service and a suitable Role (e. g. Access Control allow)
Thats all. Know you have a SSID on the APs in the productive LAN which is tunneled to the Anchor-Controller.

In this case you will have no APs on the Anchor only in the productive LAN. So you need no additional licenses on the Anchor EWC.

Please be aware Anchor Controller is only a Cisco wording. We call this Feature "Centralized Mobility".

Regards

Stephan

Regards Stephan

Great job - hopefully there are more other users outside who use this ...

Regards,
Matthias

StephanH
Valued Contributor III
Hello all,

Have anyone ever made a configuration with Extreme like the Cisco Anchor solution for guests?

If yes how?

Best regards.
Stephan

Regards Stephan

If our customer will not buy the "bridge building - wlan solution (competitor cisco) I will install this solution and can report to you. But I am sure this will not happen before April 2017 ...
Regards
Christian
GTM-P2G8KFN