Re: Guest VLAN block access to other VLANS

Mohax · ‎03-31-2019

Hi, is a access list needed to be implemented in the router for this case?. Guest Network VLAN 20 must be separated from the rest of the VLANS.

Thanks a lot, I've attached the file below

AndreaTornaghi · ‎03-31-2019

Dear,

yes, you must configure an ACL on guest interface.

Basically you can deny all network that are defined in RFC 1918 and permit all the rest. Obviously you should assign an external DNS server to guest clients.

Hope to be helpfully

Mohax · ‎03-31-2019

an for tge reply, I've already

Thanks for the reply, I've already solved the issue by implementing acl deny list on the sub-interface of vlan 20

T

luis_cordova · ‎03-31-2019

Hi @Mohax ,

It is always a pleasure to help. Congratulations on your achievement.

If you have other questions, just post it in the community.

Regards

paul driver · ‎03-31-2019

Hello

Cannot view the PT file however I am assuming the router is performing the inter-vlan routing (router on a stick scenario)

in that case you could just add a Routed ACL on the sub-interface for the guest vlan to deny the other vlans access or you can just simply put that guest vlan into is own VRF

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul