cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
887
Views
0
Helpful
2
Replies

Guest wireless network associated with VLan 60 allows guests access to our network

Barry McKinley
Beginner
Beginner

We setup a Wireless Guest network to allow visitors access to the internet. Guests are assigned an IP address in a different subnet.

Today it was discovered that guests had access to our LAN via the Guest wireless network. I am not sure what has changed. The AP541n configuration looks as it did when the Guest network was configured. The entries for Guest and VLan60 appear to be the same when configured to two earlier documents containing Sho Run information.

What could cause the wireless to now have access to our company LAN and a different IP subnet.

Regards,

Barry

2 Replies 2

mcasimirc63
Enthusiast
Enthusiast

This is normal behavior if you don't have an ACL blocking Inter-Vlan routing on certain interfaces. What is the subnet of the Vlan 60 and what is the Vlan and  subnet of the Corp Vlan?

Hello Marcus,

The subnet of VLan 60 is 172.16.37.0

The corporate VLan is VLan 90. The subnet is 10.42.5.0

I see the following entries;

access-list 107 deny   ip 172.16.0.0 0.15.255.255 any

ip dhcp excluded-address 172.16.37.1 172.16.37.100

ip dhcp pool GUEST_WIRELESS

   network 172.16.37.0 255.255.255.0

   default-router 172.16.37.2

   dns-server 10.42.5.21 10.42.5.22

   domain-name rittalguest.com

Should the Guest Wireless use our internal DNS servers? Shouldn't it be something like 4.2.2.2?

Thanks for the help,

Barry

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers