Wireless Guest Access - L2 over L3 tunneling to Internet Router?
I would like to ask what are my options for implementing L2 over L3 tunneling to the Internet router only for guest wireless users, who will be gaining access via a captive portal? Based on the requirements from the customer, I believe the aim is to isolate guest traffic and prevent them from accessing any of the internal resources.
To do L2 over L3 tunneling, you can use GRE, L2TPv3. This depends on the capabilities of your router.
However, if you're using Cisco WLC, you can set the remote AP as Flexconnect AP (Local switching) but configuring the Guest SSID to have get the captive portal from your central WLC (even if WLC is using ISE for guest portal). Before it was not possible and if I remember good, this is supported since around 1 year.
This solution with flexconnect is standard supported design and no need to expand Layer2 over Layer3 connectivity.
Hope this is answering your question.
Thanks Francesco PS: Please don't forget to rate and select as validated answer if this answered your question
This tool is essentially used to generate some basic configuration for the 9800 Controller. The basic configurations include Day 0 Config, Central and Local Webauth, Dot1x, PSK etc. The tool uses a GUI format to take input variables for the specific use c...
The Workplace, Reimagined: Secure Network Solutions for Business Resiliency
Network Insider Live Webinar
Tuesday, August 18, 202010:00 am Pacific Time(San Francisco, GMT-08:00)
Where and how your employees work is changing—your workforce can...
Do you have hands-on experience with wireless network management?
If yes, please participate in this quick online survey. We'd like to understand your wireless network management and job roles that partake in this task. Your feedback will be reviewed a...
This event had place on Thursday 11, June 2020 at 10hrs PDT
In this session, the Cisco expert covered single image orchestration changes with the Cisco IOS XE Software Release 17.2.1r for Cisco IOS XE and Cisco IOS XE SD-WAN use cases. Duri...
This is a two-step process.
Step 1: Need to add the FlexConnect AP to a FlexConnect Group.Step 2: Need to configure a FlexConnect ACL (to specify the local traffic-of-interest), and map it to that FlexConnect Group.
For step 1----------As in the i...