Hello, I'm doing a deployment of a WLAN in which, in the design, we have a controller which is on the DMZ.
We have to tunnel all the guest traffic from all the other controllers.
All the other controllers would be:
- 2 Master controllers, one active and one standby, with VRRP
- x amount of local controllers in different sites
Now I know that you have to create a GRE tunnel from each controller, I mean from every local controller, to that DMZ controller for the Guest network that will just exist in that DMZ controller.
1- Can this controller be a local controller of the pair of Master controllers I'll have in the data center? It's just that I would like to use the centralized licensing.
2- Do I need an extra license here, a firewall license or something like that, for example a PEFNG license?
3- Ports that I need to open between the DMZ controllers and ALL the other controllers would be:
- PAPI (udp/8211 and tcp/8211)
- IP-IP (protocol 4) - if L3 mobility is enabled
- IPSEC/NAT-T (udp/4500)
- GRE (protocol 47)
- HTTPS (tcp/443 and tcp/4343)
- SSH (tcp/22)
- SNMP (udp/161 and udp/162)
Am I missing any port?
Cheers
Carlos