04-15-2013 10:16 PM - edited 07-03-2021 11:55 PM
My client concerns about the guest WLAN security, and the client would like the guest WLAN only access to the Internet and not its other vlans, specailly the server vlans. Could any one kindly provide the steps/methods to follow? BTW, the client uses cisco WLC 5508 and AP 3602i. Many thanks and kind regards,
04-15-2013 10:43 PM
You have to take care of that from the core side. You need to allow routing for that VLAN to outside only.
The other option (which requires two WLCs) is to set up an anchor controller in the DMZ and tunnel guest traffic between your internal WLC and the anchor WLC in DMZ.
read this: Wireless Guest Access FAQ
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
04-15-2013 11:07 PM
HI Zhi,
1. Police that vlan traffic either on the inside switch or on the ASA.
https://supportforums.cisco.com/docs/DOC-1230
2. Use websense for content scanning/filtering or use the CSC module on the ASA for http scanning/URL filtering.
http://www.cisco.com/en/US/docs/security/csc/csc6.1.1569.0/administration/guide/csc4.html
Regards
04-22-2013 07:29 PM
Please follow this doc for guess access
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.pdf
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: