cancel
Showing results for 
Search instead for 
Did you mean: 

Is a WLAN guest anchor solution with additional wlan controller in DMZ possible??? (Competitor = Cisco!!!)

Is a WLAN guest anchor solution with additional wlan controller in DMZ possible??? (Competitor = Cisco!!!)

Christian_Zottl
New Contributor
Customer needs: Virtualize Management and AC (formerly netsight and nac) and WLAN.
A must have: guest traffic must not break out in the virtual "management" environment where Netsight, NAC and WLAN resides (should reside in future).
The "bridge building" competitor (cisco) solves this with a so called "guest anchor" in the dmz which is an additional wlan-controller.
-> The guest SSID is more or less bridged at "guest anchor" controller in DMZ.
L2 security -> A separate VLAN from "virtual management environment" to DMZ is (as far as I know) no option for the customer.
From the technical point of view I do have a different opinion - however
Does anybody have an idea how to resolve this requirement?
Maybe within a special mobility setting?
Many Thanks in advance
Regards
Christian Zottl
(Axians)
12 REPLIES 12

Ryan_Yacobucci
Extreme Employee
Hello Christian,

The EWC has the ability to deploy "B@HWC" typologies which is a topology where all client traffic is tunneled through the network and is bridged at the EWC's physical port. This sounds like what you're looking for.

Also, you can break registration out to the additional NIC on the NAC if you want the guest captive portal to exist inside the DMZ as well. The NAC can perform registration functions on a separate NIC from management that can have a different network assignment.

Thanks
-Ryan

Hello Ryan,
thanks for your reply. I am aware of the things you are mentioning - and from technical aspect this is what the customer needs and more or less is already installed (by myself  ) and I have also recommended to still use it - Like the last 5 years ...
But somebody has shown the customer the solution provided by Cisco which is very similar regarding the functionality - and I do think this additional controller is not necessary - however, somebody is trying to replace the loved WLAN Solution by Chantry/Siemens [greeting to Ronald Dvorak] /Enterasys/Extreme.
Some people are pointing at: with cisco the packet bridges out in the "dmz" and not at the controller which is placed in the management environment- this is not allowed... (I am not supposed to comment this in more detail...),
which would be quite the same if using a separate interface of the controller exclusively for guest access.
Many thanks to you Ryan
Regards
Christian

Christian_Zottl
New Contributor
Hello Guys,
I got a reply by Extreme that this can be done if the wireless controller is hardware.
Thanks to Extreme Partner Support!!
Regards
Christian
GTM-P2G8KFN