
Heroes XIQ design topic


Andre_Brits_Kan
Contributor II

Hi Heroes community.

A topic that I have been discussing with a few colleagues is around XIQ Wireless network design (on the network part), when looking at:

  • Guest Networks

The typical requirement for guest traffic is to isolate it from the network and only give it some internet access. From a network design perspective, with Wing and XCC, guest is easy: bridge the SSID at the controller into some isolated VLAN that is directly connected to a router of some sort. The guest VLAN only lives in the core between the controller and router. When looking at an XIQ AP deployment in a small environment, this is easy enough to handle by either just tagging a guest VLAN to every AP port or using a policy that denies all traffic to internal resources.

When we look at a bigger campus that involves various layer 3 boundaries, the option for tagging a guest VLAN to each AP is not available. We could still use the option of applying a policy that blocks traffic to internal resources. Or another option is to tunnel the traffic with a GRE tunnel to something.

The question is: "What is the best design, on the network side, for guest networks when deploying an XIQ wireless network?"

Could be a topic to discuss in one of the Hero Tech talks.

1 REPLY

Thomas_Gfeller
New Contributor III

Hi Andre

I remember that in some cases we used a VRF for separating the “trusted L3” routing part from the “untrusted” part and using policies at the Guest User level.

But in general, I like the idea to get some best practice information in the form of a topic in the Hero tech talks.

br

Tom
