Design Guide for Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 10 Cisco Unified Wireless Guest Access Services
WLAN Controller Guest Access
For the best possible performance and because of its suggested positioning in the network, it is strongly
recommended that the guest anchor controller be dedicated to supporting guest access functions only. In
other words, the anchor controller should not be used to support guest access in addition to controlling
and managing other LWAPP APs (LAPs) in the enterprise.
DHCP Services
As previously described, guest traffic is transported at Layer 2 via EoIP. Therefore, the first point at
which DHCP services can be implemented is the anchor controller, which can either serve DHCP locally
or relay client DHCP requests to an external server. See
for
configuration examples.
Routing
Guest traffic egress occurs at the anchor controller. Guest WLANs are mapped to a dynamic
interface/VLAN on the anchor. Depending on the topology, this interface might connect to an interface
on a firewall, or directly to an Internet border router. Therefore, a client’s default gateway IP is either
that of the firewall or the address of a VLAN/interface on the first hop router. For ingress routing, it is
assumed the guest VLAN is directly connected to a DMZ interface on a firewall or to an interface on a
border router. In either case, the guest (VLAN) subnet is known as a directly connected network and
advertised accordingly.
Anchor Controller Sizing and Scaling
The most cost-effective platform to support guest networking in most enterprise deployments is the
Cisco 4400 Series controller. Assuming the controller is being deployed to support guest access with
EoIP tunnel termination only, the 4402 with support for 12 APs is sufficient because it is assumed the
controller is not going to be used to manage LAPs in the network.
A single 4400 Series controller can support EoIP tunnels from up to 40 foreign controllers within the
enterprise. Additionally, the 4400 supports up to 2500 simultaneous users and has a forwarding capacity
of 2 Gbps.
Anchor Controller Redundancy
Beginning with Release 4.1 of Unified Wireless solution software, a “guest N+1” redundancy capability
was added to the auto anchor/mobility functionality. This new feature introduces an automatic ping
function that enables a foreign controller to proactively ping anchor controllers to verify control and data
path connectivity. In the event of a failure, or if an active anchor becomes unreachable, the foreign
controller does the following:
• Automatically detects that the anchor has become unreachable
• Automatically disassociates any wireless clients that were previously associated with the unreachable anchor
• Automatically re-associates wireless client(s) to an alternate anchor WLC
With guest N+1 redundancy, two or more anchor WLCs can be defined for a given guest WLAN.
shows a generic guest access topology with anchor controller redundancy.
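The three failover steps listed above can be modelled as follows. This is an added example, not Cisco code or anything from the design guide. The missed-ping threshold, the class and field names, and the least-loaded choice of alternate anchor are assumptions made for illustration. Only the 2500-user limit comes from this page.

```python
# Added illustration: model of the guest N+1 behaviour described above.
# Threshold, names and least-loaded anchor selection are assumptions.
from dataclasses import dataclass, field

MAX_USERS_PER_ANCHOR = 2500   # 4400 Series user limit quoted on this page
MISSED_PINGS_TO_FAIL = 3      # assumed threshold, not a documented default


@dataclass
class Anchor:
    name: str
    reachable: bool = True    # constructed stand-in for the ping result
    missed: int = 0           # consecutive unanswered pings
    clients: set = field(default_factory=set)


class ForeignController:
    def __init__(self, anchors):
        self.anchors = anchors    # two or more anchors for one guest WLAN
        self.events = []          # audit trail of failover actions

    def alive(self):
        return [a for a in self.anchors if a.missed < MISSED_PINGS_TO_FAIL]

    def associate(self, client):
        # Place the client on the least-loaded live anchor with spare capacity.
        fit = [a for a in self.alive() if len(a.clients) < MAX_USERS_PER_ANCHOR]
        if not fit:
            self.events.append(("rejected", client))
            return None
        target = min(fit, key=lambda a: len(a.clients))
        target.clients.add(client)
        return target.name

    def keepalive_round(self):
        # One pass of the automatic ping over every configured anchor.
        for a in self.anchors:
            was_alive = a.missed < MISSED_PINGS_TO_FAIL
            a.missed = 0 if a.reachable else a.missed + 1
            if was_alive and a.missed >= MISSED_PINGS_TO_FAIL:
                self.events.append(("anchor_down", a.name))      # detect
                orphans, a.clients = sorted(a.clients), set()    # disassociate
                for c in orphans:                                # re-associate
                    self.events.append(("moved", c, self.associate(c)))
```

The `rejected` event marks the case where the surviving anchors have no spare user capacity, which is the condition to size for when planning N+1.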