04-19-2004 06:29 PM - edited 07-04-2021 09:33 AM
I have a current requirement to configure a second VLAN on our WLAN to create wireless "Hot Spots" for our patients and guest. I have to put it into place to where they have access to the internet but not our corporate network. I am some ideas on how to do this, but was wondering 1. has anyone does this and if so how or 2. how would you suggest doing it?
Our topology is as follows:
Two PIX firewalls that work redundantly to provide our internet access for the inside network.
We have two 6609 with RSMs (completely redundant core)that provide access to the wiring closets.
At the wiring closets we have Cisco 2950s, 5000s and 2980Gs. This is where we provide access to the Aironet 1200 Access Points. Each wiring closet is it's own VLAN with the interVLAN routing at the Core (RSMs are using HSRP for redundancy).
We currently have one VLAN that spreads the entire campus network for our staff that gives them wireless access to our private network.
My thoughts on implementation where to create another network (Class B) and another VLAN on the 1200s to provide the internet access Hot Spots. In the RSMs create access-list that deny all private IP address groups (10.0.0.1-10.255.255.254; 172.16.0.1-172.31.255.254; 192.168.0.1-192.168.255.254) except for the one they are on, and the inside address of the PIX.
Any thoughts? Will this work?
Thanks in advance
05-03-2004 06:35 AM
I think this should work fine, did you encounter any problems?
05-10-2004 01:38 PM
Assuming you have a proxy server for HTTP requests, you can create a ACL on the wireless vlan to only allow HTTP requests to your proxy server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide