02-08-2007 05:36 AM - edited 03-05-2019 02:14 PM
Hi,
I need to allow guests to access our wireless infrastructure. My initial thoughts about how to enable this involve setting up a guest VLAN associated with an additional SSID.
My question is how do I ensure that traffic from this guest VLAN is only allowed to the internet and prevented from reaching anywhere else? Is using ACLs a feasible method or would another solution be better? I don't have the budget to purchase a solution such as an access control server for this.
The access layer switches in the network are HP Procurve 2650s; these are connected to Cisco 4506 Layer 3 switches.
Any suggestions gratefully appreciated.
TIA
Richard
02-08-2007 05:47 AM
Do a route map and force them to route to your firewall, with something like this:
route-map GuestVlan2Internet permit 10
 match ip address x.x.x.x
 set ip next-hop x.x.x.x
Please rate if you find it useful.
02-08-2007 05:57 AM
Thanks for the response.
Is that set on the access point?
02-08-2007 05:59 AM
Well, the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch - Router - FW.
And you do the route-map in the router, which means that the only way out from the VLAN is via the firewall.
Hope that clears it up.
02-08-2007 06:35 AM
Sorry, your understanding of the topology is correct, I was just being a bit dumb :)
I'll try this out. Thanks for your help.
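The route-map suggested above, filled out into a complete Cisco IOS configuration for the Layer 3 switch. This is an added example, not configuration from any poster in the thread. The VLAN number, subnet, firewall address and the ACL names GUEST-PBR-MATCH and GUEST-IN are constructed placeholders, and it assumes guests get DNS from the firewall or a public resolver and that the 4506's supervisor and IOS release support policy-based routing.

```cisco
! Constructed values (not from the thread):
!   guest VLAN 99 = 10.99.0.0/24, SVI address 10.99.0.1
!   firewall inside address 10.255.0.2 on a directly connected transit link

! Classifier for the route-map: all IP traffic sourced from the guest subnet.
! "match ip address" takes an ACL name or number, not a bare address.
ip access-list extended GUEST-PBR-MATCH
 permit ip 10.99.0.0 0.0.0.255 any
!
! Policy route from the answer, with the ACL and next hop filled in.
route-map GuestVlan2Internet permit 10
 match ip address GUEST-PBR-MATCH
 set ip next-hop 10.255.0.2
!
! Backstop filter on the guest SVI. If the policy next hop cannot be used,
! the switch forwards with its normal routing table, so internal
! destinations are also denied explicitly instead of relying on PBR alone.
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 10.99.0.0 0.0.0.255 any
 deny   ip any any log
!
interface Vlan99
 description Guest wireless
 ip address 10.99.0.1 255.255.255.0
 ip access-group GUEST-IN in
 ip policy route-map GuestVlan2Internet
```

After applying it, `show route-map GuestVlan2Internet` and `show ip access-lists GUEST-IN` show per-entry match counters, which confirm that guest traffic is hitting the policy and that attempts to reach internal ranges are being dropped.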