Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
149
Views
0
Helpful
1
Replies

Best Practise for Guest Network

silvakizir
Level 1
Level 1

‎03-05-2017 08:11 AM - edited ‎03-08-2019 09:36 AM

Hi guys.

We have a "Guest" Wireless Network with Standalone APs and we want to go out to the Internet without having access to the other internal Subnets-Networks.

We also have an ASA and under that we have Distribution Layer Switches were happens all the Routing for all the Subnets with SVIs.

My Question is, which is the Best Practise (Including security) to where the Routing for the Guest Vlan should happen?

A. To the Distribution Layer Switches with the SVIs and VACLs that deny the communication to the other VLANs or

B. To the ASA

Thank you.

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎03-05-2017 09:04 AM

Don't forget the third and best option:

C. Change to a controller-based setup and place an anchor controller into the DMZ and terminate your Guest SSID there.

If that is not an option, I would always prefer to terminate the guest-WLAN on the ASA without having an SVI for the guest-vlan on the central L3-switch.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card