
Corporate wireless clients to access internet from public dns

Hi 

I have a corporate wireless network and I need to separate the wireless network from the LAN. Is there any way to let corporate wireless clients access the internet through public DNS without accessing the LAN? I mean that I would consider them external network clients. If this is possible, what is needed to accomplish it?

 

Thank you 


marce1000
VIP

 

 - You may configure the DHCP server for these clients to let them use the intended DNS servers.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Thank you marce1000, but could you explain more? Is there an option we can use, and what are the things we should do to accomplish it?

Scott Fella
Hall of Fame

If you need to separate wireless from the local LAN, it's not DNS. You need to use ACLs or a firewall and block traffic from the wireless subnet(s) to the wired subnet(s) and vice versa.

-Scott
*** Please rate helpful posts ***

Thank you Scott. Actually, I am using an ACL right now, but I want to know if there is an option, like playing with DNS, to make it easier, meaning clients would be considered external clients and nothing from them would have an effect even if no ACL is configured.

If there is routing between the wireless subnet(s) and the wired subnet(s), then there is no isolation between the two. DNS doesn't matter. What matters is that on a wireless subnet you are blocking all internal subnets and only allowing internet; then just configure DHCP to use one of the public DNS servers that are available. DNS servers do not isolate wired and wireless, nor do they isolate wired and wired or wireless and wireless.

Look at it this way: if you don't have ACLs in place, a device on wireless can ping, RDP, SSH, telnet, etc. to a wired device and not have to use DNS. A device from either subnet would be able to scan and use nmap or other tools to discover devices on another subnet. By using IP and not DNS!!!

-Scott
*** Please rate helpful posts ***

Put it this way... if a wireless device was assigned a public DNS server (Google 8.8.8.8), it doesn't mean a user can't change that to use an internal DNS server. That is why you use ACLs and/or firewalls to allow or block specific traffic.

-Scott
*** Please rate helpful posts ***
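
The point made in the replies above, that routing and ACLs decide reachability while the DHCP-assigned DNS server does not, modelled as an added example that is not part of the original thread. The 10.20.0.0/24 wireless subnet, the host addresses other than 8.8.8.8, and the rule set are constructed assumptions.

```python
import ipaddress as ipa

# Constructed addressing: assumptions for this example, not values from the thread.
WIRELESS = ipa.ip_network("10.20.0.0/24")
ANY = ipa.ip_network("0.0.0.0/0")
INTERNAL = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_acl():
    """First-match rules applied inbound on the wireless gateway: (action, src, dst, proto, dport)."""
    rules = [("permit", ANY, ANY, "udp", 67)]               # let DHCP requests through
    rules += [("deny", WIRELESS, net, None, None) for net in INTERNAL]
    rules.append(("permit", WIRELESS, ANY, None, None))     # everything else = internet
    return rules

def evaluate(acl, src, dst, proto, dport):
    """Return 'permit' or 'deny' for one flow; acl=None models plain routing with no filter."""
    if acl is None:
        return "permit"
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in acl:
        if s in rsrc and d in rdst and rproto in (None, proto) and rport in (None, dport):
            return action
    return "deny"  # implicit deny when no rule matches

CLIENT = "10.20.0.57"  # wireless client; its DHCP-assigned resolver is 8.8.8.8
FLOWS = {
    "ssh to wired host by IP":       (CLIENT, "10.1.1.10", "tcp", 22),
    "rdp to wired host by IP":       (CLIENT, "10.1.1.10", "tcp", 3389),
    "user switches to internal DNS": (CLIENT, "10.1.1.53", "udp", 53),
    "public DNS lookup":             (CLIENT, "8.8.8.8", "udp", 53),
    "https to internet":             (CLIENT, "203.0.113.10", "tcp", 443),
}

def audit(acl):
    """Evaluate every sample flow against the ACL and return {label: action}."""
    return {label: evaluate(acl, *flow) for label, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, acl in (("routing only, no ACL", None), ("ACL on wireless gateway", build_acl())):
        print(name)
        for label, action in audit(acl).items():
            print(f"  {action:6} {label}")
```

With routing only, every flow is permitted even though the client was handed a public resolver; with the ACL, the three flows toward internal addresses are denied and the internet flows still pass.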