Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter 设计指南
10-53
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 10 Cisco Unified Wireless Guest Access Services
Other Features and Solution Options
Figure 10-68
Wireless Guest Access with External Access Control
As shown in
, the wireless guest access topology remains the same except that the guest
VLAN interface on the anchor controller, instead of connecting to a firewall or border router, connects
to an inside interface on an access control platform such as the Cisco NAC Appliance.
to an inside interface on an access control platform such as the Cisco NAC Appliance.
In this scenario, the NAC Appliance is responsible for redirection, web authentication, and subsequent
access to the Internet. The campus and anchor controllers are used only to tunnel guest WLAN traffic
across the enterprise into the DMZ, where the NAC appliance or some other platform is used to control
guest access.
access to the Internet. The campus and anchor controllers are used only to tunnel guest WLAN traffic
across the enterprise into the DMZ, where the NAC appliance or some other platform is used to control
guest access.
Configuration of the guest WLAN, campus, and anchor controllers is the same as described in the
previous examples. The only exception is that Layer 3 web policy is not enabled under the guest WLAN
security settings (see
previous examples. The only exception is that Layer 3 web policy is not enabled under the guest WLAN
security settings (see
and
).
Figure 10-69
Guest WLAN Layer 3 Security Policy
190862
WCS
Corporate
Servers
Internet
Guest WLAN
Enterprise WLAN
Enterprise WLAN
DNS
WEB
Anchor
Controller
Campus
Controllers
DHCP
LWAPP
LWAPP
NAC
Appliance