Cisco Cisco Catalyst 6000 Multilayer Switch Feature Card MSFC2 Bulletins
© 2006 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 11 of 16
Figure 11. Guest Tunneling for Cisco 2000 Series Wireless LAN Controller
Notes on Guest Tunnel Origination for the Cisco 2000 Series
•
The guest user’s IP address is administered from the DMZ.
•
All user traffic is transported over an Ethernet over IP (EoIP) tunnel between the regular wireless LAN controller and the virtual anchor wireless
LAN controller, which acts as an anchor as the client moves around the network.
•
Mobility is supported as a client device roams between wireless LAN controllers.
•
Each virtual anchor controller can support 40 tunnels from various “inside” controllers. These tunnels are established from each controller for
each SSID using a virtual anchor, meaning that many wireless clients can ride the tunnel.
•
Cisco 2000 Series wireless LAN controllers and WLCMs cannot terminate guest tunnels and therefore can not be virtual anchor controllers; these
controllers can only originate guest tunnels.
Benefits of the Cisco 2000 Series Guest Tunnel Origination Feature
•
For customers with remote sites using Cisco 2000 Series wireless LAN controllers or Cisco WLCMs for integrated services routers, it is now
possible to use the Guest Tunneling feature to provide additional security for guest-user access to the corporate wireless network.
Wireless LAN Controllers Supported: Cisco 2000 Series wireless LAN controllers; Cisco WLCM for integrated services routers; Airespace 3500
Series wireless LAN controllers (already supported on Cisco 4100 and 4400 Series; Cisco WiSM; and Airespace 4000 and 4100 Series)
Access Points Supported: Not applicable.
Management Interfaces Supported: Cisco WCS, controller web user interface, command line interface