Cisco Cisco Catalyst 6000 Multilayer Switch Feature Card MSFC2 Bulletins

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.

Page 11 of 16

Figure 11. Guest Tunneling for Cisco 2000 Series Wireless LAN Controller

Notes on Guest Tunnel Origination for the Cisco 2000 Series

•

The guest user’s IP address is administered from the DMZ.

•

All user traffic is transported over an Ethernet over IP (EoIP) tunnel between the regular wireless LAN controller and the virtual anchor wireless

LAN controller, which acts as an anchor as the client moves around the network.

•

Mobility is supported as a client device roams between wireless LAN controllers.

•

Each virtual anchor controller can support 40 tunnels from various “inside” controllers. These tunnels are established from each controller for

each SSID using a virtual anchor, meaning that many wireless clients can ride the tunnel.

•

Cisco 2000 Series wireless LAN controllers and WLCMs cannot terminate guest tunnels and therefore can not be virtual anchor controllers; these

controllers can only originate guest tunnels.

Benefits of the Cisco 2000 Series Guest Tunnel Origination Feature

•

For customers with remote sites using Cisco 2000 Series wireless LAN controllers or Cisco WLCMs for integrated services routers, it is now

possible to use the Guest Tunneling feature to provide additional security for guest-user access to the corporate wireless network.

Wireless LAN Controllers Supported: Cisco 2000 Series wireless LAN controllers; Cisco WLCM for integrated services routers; Airespace 3500

Series wireless LAN controllers (already supported on Cisco 4100 and 4400 Series; Cisco WiSM; and Airespace 4000 and 4100 Series)

Access Points Supported: Not applicable.

Management Interfaces Supported: Cisco WCS, controller web user interface, command line interface