I need to allow guests to access our wireless infrastructure. My initial thoughts about how to enable this involve setting up a guest VLAN associate with an additional SSID.
My question is how do I ensure that traffic from this guest VLAN is only allowed to the internet and prevented from reaching anywhere else? Is using ACL's a feasible method or would another solution be better? I don't have the budget to purchase a solution such as an access control server for this.
The access layer switches in the network are HP Procurve 2650's, these are connected to Cisco 4506 Layer 3 switches.
Any suggestions gratefully appreciated.
Well the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch-Router-FW
And you do route-map in the router that means that the only way out from the VLAN is via the firewall.
Hope that clears it up.