11-01-2011 03:49 AM - edited 07-03-2021 09:01 PM
Hi
Could anyone please advise a recommended way for guest wireless design?
The requirement is to only allow Internet for guest users. The guest user VLAN is terminated on an L3 switch and the guest should not see LAN traffic or reach other VLANs on the same switch. I tried using PBR for the guest user VLAN, setting the next hop as the firewall, but the users were still able to reach other LAN traffic.
The guest SSID is configured to use web authentication (user ID / password) using the local user database on a 5500 series controller.
Please advise.
Thanks in advance
Gaj
11-01-2011 04:13 AM
Whatever wireless config you have need not be changed!! You need to tweak the inter-VLAN routing!!
That is..
The VLAN that you're using for GUEST should not communicate with the rest of the VLANs and should allow just Internet traffic; this can be achieved by creating a 2-liner ACL denying traffic for the rest of the VLANs and allowing the protocols that you need!!
The below may help you..
https://learningnetwork.cisco.com/thread/14122
Please don't forget to rate the useful posts!! Rating will help others as well to get the right resource!!
Regards
Surendra
11-01-2011 09:49 PM
Thanks.
I was thinking about how to separate guest traffic from the normal LAN traffic. Is there any other way we could separate guest traffic without an anchor?
Gaj
11-02-2011 05:54 AM
Just to add to this... you can, but if you have a layer 3 interface for your guest, you will need to create access lists. What you also can do is not create a layer 3 interface for your guest and then connect that VLAN into your DMZ, if you have a DMZ.
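The ACL approach suggested in the replies above, sketched as an added example; it is not a configuration posted by anyone in this thread. The VLAN number (50), the DNS server address (192.0.2.53) and the premise that every internal VLAN uses RFC 1918 address space are assumptions for illustration.

```cisco
! Added example: inbound ACL on the guest SVI of the L3 switch.
! Assumed values: guest VLAN 50, DNS resolver 192.0.2.53,
! internal networks all inside the RFC 1918 ranges.
ip access-list extended GUEST-IN
 remark Let guest clients obtain and renew DHCP leases
 permit udp any eq bootpc any eq bootps
 remark Allow name resolution to the one resolver guests may use
 permit udp any host 192.0.2.53 eq domain
 permit tcp any host 192.0.2.53 eq domain
 remark Block every internal (RFC 1918) destination
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything left is Internet-bound
 permit ip any any
!
interface Vlan50
 description Guest wireless (assumed VLAN ID)
 ip access-group GUEST-IN in
```

An inbound ACL on the SVI filters only traffic that the switch routes, so guest-to-guest traffic inside the VLAN is not affected by it. `show access-lists GUEST-IN` displays per-entry match counters, which confirms whether the deny lines are catching attempts to reach internal subnets.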