Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
751
Views
0
Helpful
5
Replies

Blocking Guest Subnet From Internal Access

Garrison Gurule
Level 1
Level 1

‎08-08-2017 11:39 AM - edited ‎03-08-2019 11:40 AM

I have a Cisco 1841 integrated router I am working with and need to know:

How can I prevent a guest network (10.1.6.0/24) from accessing all my internal networks (switches, routers, aps, mainfrains)....

Currently, computers connected to the VLAN:

  • get IP addresses, DNS, and DHCP 
  • can access all of my internal network
  • have access to the internet;

Attached is the config file...

Thank you for your help

Labels:
Preview file
11 KB
0 Helpful
5 Replies 5

paul driver
VIP
VIP

‎08-08-2017 11:58 AM

Hello

If they are coming in from you wan interface then:
sh access-list 100 <--- check the sequence numbers after the last deny entry use the next number but it has to be under the first permit number

Example:
20 deny
30 permit

ip access-list extended 100
25 deny ip 10.1.6.0 0.0.0.255 any
exit

res
paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Garrison Gurule
Level 1
Level 1
In response to paul driver

‎08-08-2017 02:47 PM

What do you mean by WAN interface, the modem?

My guests will be connecting thru APs I have that are managed by a virtual controller attached to port on my switch.

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to paul driver

‎08-08-2017 02:48 PM

Hi

Other way is using VRF so this subnet 10.1.6.0/24 will be in other routing table never merged with the global routing table. (unless you want)

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Garrison Gurule
Level 1
Level 1
In response to Julio E. Moisa

‎08-08-2017 03:09 PM

VRF sounds good. How would I need to change the current config file and what what would I need to add in order to get this working?

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to Garrison Gurule

‎08-08-2017 03:29 PM

Hi

Where is the gateway for that subnet created?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents