Campus lan and Wireless lan solution Design Guide


Centralized deployments with guest wireless



Download 2,16 Mb.
Pdf ko'rish
bet47/73
Sana13.07.2022
Hajmi2,16 Mb.
#791104
1   ...   43   44   45   46   47   48   49   50   ...   73
Bog'liq
cisco-campus-lan-wlan-design-guide

Centralized deployments with guest wireless 
For centralized (local-mode) deployments, the traditional method of providing wireless guest access is to 
implement a dedicated guest anchor controller in an Internet DMZ segment. The internet edge / DMZ firewall 
restricts access from the guest network (specific ports on the firewall need to be opened for the tunneled data 
connection). The guest network is only able to reach the Internet and the internal DHCP and DNS servers (unless 
separate DHCP and DNS servers are deployed within the DMZ for further isolation). 
 
Traditional guest wireless anchor controller design 
Figure 38. 
Additional security functionality besides firewalling may be applied within the Internet Edge / DMZ. This additional 
functionality is not shown in the figure above. 
Cisco Catalyst 9800 Series wireless controllers support secure mobility – meaning the anchor tunnel uses 
CAPWAP encapsulation, as opposed to Ethernet-over-IP (EoIP). CAPWAP control traffic is encrypted, with the 
additional option of encrypting the CAPWAP data traffic between the foreign and anchor wireless controllers. 

© 2020 Cisco and/or its affiliates. All rights reserved. 
Page 52 of 76
Cisco FlexConnect guest deployments 
For Cisco FlexConnect guest deployments, the guest WLAN/SSID can be centrally switched and anchored 
through a dedicated guest controller in an Internet DMZ segment. 
 
FlexConnect with centrally-switched guest wireless access 
Figure 39. 
Alternatively, the guest WLAN/SSID can be locally switched to a VLAN within the branch which provides direct 
Internet access (DIA). 
 
FlexConnect with locally-switched guest wireless access 
Figure 40. 
Additional security functionality besides firewalling may be applied within the branch for direct Internet access. This is not 
shown in the figure above. 

Download 2,16 Mb.

Do'stlaringiz bilan baham:
1   ...   43   44   45   46   47   48   49   50   ...   73



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish