
Guest VLAN - Best Practice Implementation

anthony.dyne
Level 1

Hello

How to allow guest VLAN traffic for HTTP protocol only and limit bandwidth usage? Looking for a best practice implementation. Blocking peer-to-peer applications too.

In short our ASA is placed as

Internet-rtr______ASA________3560_____LAN

On ASA we allow SMTP / HTTP / HTTPS from outside to inside

An ACL is applied on the ASA inside interface to have control over traffic; users on the LAN access the internet through Microsoft ISA Server.

thanks

Anthony

3 Replies

Kureli Sankar
Cisco Employee

1. Police that vlan traffic either on the inside switch or on the ASA.

QoS on ASA : https://supportforums.cisco.com/docs/DOC-1230

2. Use websense for content scanning/filtering or use the CSC module on the ASA for http scanning/URL filtering.

http://www.cisco.com/en/US/docs/security/csc/csc6.1.1569.0/administration/guide/csc4.html

-KS

Thank You KS for your input.

Based on your experience, do you advise policing the traffic on the switch or on the ASA, as both options are available?

Thanks

Anthony

I'd suggest doing it on the switch. This way you can control what comes into the inside interface of the firewall.

-KS
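
A sketch of the switch-side option suggested above, as an added example that is not part of the thread or of Cisco's documentation. It assumes a Catalyst 3560 access port in a guest VLAN; the VLAN number (50), subnet (192.0.2.0/24), interface, rate and all ACL/class/policy names are hypothetical placeholders.

```cisco
! Added example. Constructed values: VLAN 50, 192.0.2.0/24, Fa0/10, 2 Mbps.
! QoS must be enabled globally before policers take effect on the 3560.
mls qos
!
! Port ACL: guests get DHCP, DNS and HTTP only; everything else hits the
! implicit deny at the end of the list.
ip access-list extended GUEST-HTTP-ONLY
 permit udp any eq bootpc any eq bootps
 permit udp 192.0.2.0 0.0.0.255 any eq domain
 permit tcp 192.0.2.0 0.0.0.255 any eq www
!
! Classification ACL for the policer: all IP traffic sourced from guests.
ip access-list extended GUEST-ALL
 permit ip 192.0.2.0 0.0.0.255 any
!
class-map match-all GUEST-TRAFFIC
 match access-group name GUEST-ALL
!
! Ingress policer: 2 Mbps with a 16000-byte burst, excess traffic dropped.
policy-map GUEST-POLICE
 class GUEST-TRAFFIC
  police 2000000 16000 exceed-action drop
!
interface FastEthernet0/10
 description Guest access port
 switchport mode access
 switchport access vlan 50
 ip access-group GUEST-HTTP-ONLY in
 service-policy input GUEST-POLICE
```

The port ACL filters on port numbers only, so peer-to-peer traffic carried over TCP/80 still needs the content filtering mentioned in the first reply.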
