Guest Mode?

sjamison · ‎10-26-2004

Can an 1100 AP support trunking? Here is what I want to do.

The switchport is configured for a specific vlan so everything in the wireless cloud is on that vlan currently (LEAP/WEP). I want to setup a seperate open Guest SSID vlan and put it in the same vlan that the outside of my PIX is in. Then build an access list to only allow a few ports open. Like HTTP, VPN, and POP so they can get to the internet/corporate network without hacking into anything.

Is there a better way of doing a guest mode? Can my idea work?

dixho · ‎10-26-2004

Yes, 1100 AP supports 802.1q. Please see the attachment.

scottosan · ‎10-28-2004

The way we do it is we have a guest vlan. This VLAN has no route (no interface VLAN X)on the RSP/RSM, so there is no is way onto the Corporate network. We use an extra interface on the pix(connected to the guest VLAN) which in turn serves as DHCP server and only allows traffic to the web. We also added a small ip pool to the global nat to allow visiting guests to be able VPN out to their home office.

sjamison · ‎10-28-2004

Hmm that sounds interesting... I have two extra interfaces on my PIX I could do that with... From trying to find the best way to do this, it amazes me how everyone has a different solution to how they do it.

ccsi100 · ‎10-28-2004

You can use separate VLANs and then use a policy map statement pointing to the next hop router to force traffic where you would like it to go on the guest VLAN.