Beginner

Best Practice for Guest Network

Hi guys.

We have a "Guest" Wireless Network with Standalone APs and we want to go out to the Internet without having access to the other internal Subnets-Networks.

We also have an ASA, and under that we have Distribution Layer Switches where all the Routing for all the Subnets happens with SVIs.

My Question is, which is the Best Practice (including security) for where the Routing for the Guest VLAN should happen?

A. To the Distribution Layer Switches with the SVIs and VACLs that deny the communication to the other VLANs or

B. To the ASA

Thank you.

1 REPLY 1
VIP Mentor

Don't forget the third and best option:

C. Change to a controller-based setup and place an anchor controller into the DMZ and terminate your Guest SSID there.

If that is not an option, I would always prefer to terminate the guest-WLAN on the ASA without having an SVI for the guest-vlan on the central L3-switch.
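
A sketch of the fallback option in the reply above (guest VLAN terminated on the ASA, no SVI on the L3 switch), as an added example that is not from either poster. VLAN 50, the interface names, the 192.168.50.0/24 guest subnet, the `outside` interface name, the DNS address and the object/ACL names are all constructed assumptions; the ASA NAT syntax assumes software 8.3 or later.

```cisco
! ---- Distribution switch (IOS): guest VLAN stays layer 2 only ----
vlan 50
 name GUEST
! No SVI, so the switch cannot route between guest and internal VLANs
no interface Vlan50
! Trunk toward the ASA (port number is a placeholder)
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan 50
!
! ---- ASA: default gateway for the guest VLAN ----
interface GigabitEthernet0/2
 no shutdown
interface GigabitEthernet0/2.50
 vlan 50
 nameif guest
 security-level 10
 ip address 192.168.50.1 255.255.255.0
!
! Internal address space the guests must never reach (RFC 1918 ranges)
object-group network INTERNAL-NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! Explicit deny first, then Internet access
access-list GUEST-IN extended deny ip any object-group INTERNAL-NETS
access-list GUEST-IN extended permit ip any any
access-group GUEST-IN in interface guest
!
! Translate guest traffic to the outside interface address
object network GUEST-NET
 subnet 192.168.50.0 255.255.255.0
 nat (guest,outside) dynamic interface
!
! Guest DHCP served by the ASA, so nothing internal has to be reachable
! (192.0.2.53 is a placeholder for an external DNS resolver)
dhcpd address 192.168.50.50-192.168.50.250 guest
dhcpd dns 192.0.2.53 interface guest
dhcpd enable guest
```

With this layout the only layer 3 hop for guest traffic is the firewall, so isolation does not depend on VACLs on the switch being kept in sync with every new internal VLAN.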
