Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Design Guide
10-2
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 10 Cisco Unified Wireless Guest Access Services
Scope
Additional benefits of a wireless-based guest access include the following:
•
It provides wider coverage by including areas such as lobbies and other common areas that
otherwise might not have been wired for network connectivity.
otherwise might not have been wired for network connectivity.
•
It removes the need for designated guest access areas or rooms.
Scope
Several architectures can be implemented to offer guest access in the enterprise. It is not the goal of this
chapter to cover all possible solutions. Instead, this chapter focuses on the implementation of wireless
guest networking using the Cisco Unified Wireless solution. For more information on deploying wired
and wireless Guest Access services in other topology scenarios, see the following URL:
chapter to cover all possible solutions. Instead, this chapter focuses on the implementation of wireless
guest networking using the Cisco Unified Wireless solution. For more information on deploying wired
and wireless Guest Access services in other topology scenarios, see the following URL:
Wireless Guest Access Overview
Ideally, the implementation of a wireless guest network uses as much of an enterprise’s existing wireless
and wired infrastructure as possible to avoid the cost and complexity of building a physical overlay
network. Assuming this is the case, the following additional elements and functions are needed:
and wired infrastructure as possible to avoid the cost and complexity of building a physical overlay
network. Assuming this is the case, the following additional elements and functions are needed:
•
A dedicated guest WLAN/SSID—Implemented throughout the campus wireless network wherever
guest access is required.
guest access is required.
•
Guest traffic segregation—Requires implementing Layer 2 or Layer 3 techniques across the campus
network to restrict where guests are allowed to go.
network to restrict where guests are allowed to go.
•
Access control—Involves using imbedded access control functionality within the campus network
or implementing an external platform to control guest access to the Internet from the enterprise
network.
or implementing an external platform to control guest access to the Internet from the enterprise
network.
•
Guest user credential management—A process by which a sponsor or lobby administrator can create
temporary credentials in behalf of a guest. This function might be resident within an access control
platform or it might be a component of AAA or some other management system.
temporary credentials in behalf of a guest. This function might be resident within an access control
platform or it might be a component of AAA or some other management system.
Guest Access using the Cisco Unified Wireless Solution
The Cisco Unified WLAN solution offers a flexible, easy-to-implement method for deploying wireless
guest access by using Ethernet in IP (RFC3378) within the centralized architecture. Ethernet in IP is used
to create a tunnel across a Layer 3 topology between two WLC endpoints. The benefit of this approach
is that there are no additional protocols or segmentation techniques that must be implemented to isolate
guest traffic from the enterprise. See
guest access by using Ethernet in IP (RFC3378) within the centralized architecture. Ethernet in IP is used
to create a tunnel across a Layer 3 topology between two WLC endpoints. The benefit of this approach
is that there are no additional protocols or segmentation techniques that must be implemented to isolate
guest traffic from the enterprise. See
for an example of guest access topology using a
centralized WLAN architecture.