Re: Wireless vlan security help

johnvojtech · ‎07-25-2006

I set up a second ssid and vlan for guests. The native and original vlan is in place and requires WEP. I set the second vlan to broadcast the SSID and have no encryption. I have clients connect, and almost have everything done. The only thing I cant figure out is how to isolate the traffic from the second vlan to the first. I have the second vlan set up so that the users cannot see anything on the native vlan, but I can ping the servers by IP address and if I try to connect from the second vlan to the first, it lets me with a valid username and password. This tells me that if a guest comes in, and has a virus, that computer can maybe infect computers on the native vlan. How can i truly isolate the traffic from one vlan and have it access only the default gateway?

Scott Fella · ‎07-25-2006

Don't route the guest vlan and or place acl on the l3 to deny traffic from the guest subnet..

-Scott
*** Please rate helpful posts ***

johnvojtech · ‎07-26-2006

I need to route the guest vlan to the default gateway. I have multiple access points, so i need to route the guest vlan on the L3 interfaces. I have the route statement added for the guest vlan network addresses pointing to the default gateway, but if i try to connect using the native vlan IP address, i can get to stuff.