Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Guida Alla Progettazione
10-6
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 10 Cisco Unified Wireless Guest Access Services
WLAN Controller Guest Access
Figure 10-3
Sample Ethernet in IP Sniffer Trace
Anchor Controller Deployment Guidelines
This section provides guidelines for deploying an anchor controller to support wireless guest access.
Anchor Controller Positioning
Because the anchor controller is responsible for termination of guest WLAN traffic and subsequent
access to the Internet, it is typically positioned in the enterprise Internet DMZ. In doing so, rules can be
established within the firewall to precisely manage communications between authorized controllers
throughout the enterprise and the anchor controller. Such rules might including filtering on source or
destination controller addresses, UDP port 16666 for inter-WLC communication, and IP protocol ID 97
Ethernet in IP for client traffic. Other rules that might be needed include the following:
access to the Internet, it is typically positioned in the enterprise Internet DMZ. In doing so, rules can be
established within the firewall to precisely manage communications between authorized controllers
throughout the enterprise and the anchor controller. Such rules might including filtering on source or
destination controller addresses, UDP port 16666 for inter-WLC communication, and IP protocol ID 97
Ethernet in IP for client traffic. Other rules that might be needed include the following:
•
TCP 161 and 162 for SNMP
•
UDP 69 for TFTP
•
TCP 80 or 443 for HTTP, or HTTPS for GUI access
•
TCP 23 or 22 for Telnet, or SSH for CLI access
Depending on the topology, the firewall can be used to protect the anchor controller from outside threats.
190811