
SA520 firewall limitations

chris parkinson
Beginner

On the SA520W, I have a private Wireless LAN and Guest Wireless LAN.

How can I use the firewall to limit access between these two?

I have a shared printer on a guest PC on the guest wireless LAN.

I need to enable the private LAN and private wireless LAN access to this printer, and block everything else.

The Firewall config seems limited to WAN/DMZ interfaces.

Is there a way to add individual VLANs to these default security zones, or even create my own security zones?

How can I make this work?

Thanks

Chris

3 REPLIES

rmanthey
Enthusiast

Hello Chris,

Perhaps use the LAN settings only. Set up a VLAN Guest like VLAN 5 and don't allow inter-VLAN routing. Then do a Port to VLAN assignment for, let's say, port 4, and only assign VLAN 5 access to that port. Then give the same VLAN 5 to your Guest SSID. This should allow the Guest network to talk with each other, and the Internet, while blocking them from talking to your other VLANs.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

Thanks, but it doesn't help.

If I disable inter-vlan routing then my private VLAN can't access the guest VLAN at all.

Private VLAN = 1

Public Guest VLAN = 20

I need to provide granular firewall access between these 2 VLANs.

Any ideas would be appreciated.

Thanks

Hello Chris,

If we tried to configure the SA with 2 VLANs, one for Data, one for Guest, disable inter-VLAN routing so the two can't talk. As long as the printer is wired, not wireless, we can set that on the DMZ port, then set up ACL rules to control what can talk to the printer.

If the printer is wireless, there is no configuration I can think of to overcome this limitation other than getting a different hardware solution.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security
