Good Afternoon, We are looking at moving one of our wireless SSIDs into a Guest type service that allows certain encrypted, authenticated and authorized TCP/UDP ports. We plan on configuring this with an FWSM facing our Internet connection so that we are treating clients on this SSID like guests with more access, but still somewhat restricted. My question is; has anyone accomplished this without using VRFs to route the traffic to the FWSM and if so did you employ the Guest Anchor controller model specified in the CISCO 4.1 Wireless Deployment Guide. My suspicion is that this may be accomplished without utilizing the Anchor/Foreign controller model and without using VRFs. The only document that I have found that specifically refers to integrating the FWSM with the WiSM is at the following link and specifies VRFs as part of the solution. http://www.cisco.com/en/US/docs/wireless/technology/wism/technical/reference/appnote.html#wp41069 My local CISCO SE indicated that this could be accomplished by simply passing the VLAN traffic through a context on the FWSM. It sounds great in theory, but I am having trouble locating proper documentation that illustrates this specifically. Since it's a design issue, Cisco TAC will not engage, they only help fix what is already in place. Feel free to contact me offline if necessary. Thanks a million for any input/experience that you may share with us. John V. Duran University of New Mexico Network Analyst ITS/Network Communications/Data Services Ph: (505) 249-7890 Fax: (505) 277-8101
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
