Guest VLAN

Answered Question
Feb 8th, 2007

Hi,

I need to allow guests to access our wireless infrastructure. My initial thoughts about how to enable this involve setting up a guest VLAN associated with an additional SSID.

My question is how do I ensure that traffic from this guest VLAN is only allowed to the internet and prevented from reaching anywhere else? Is using ACLs a feasible method or would another solution be better? I don't have the budget to purchase a solution such as an access control server for this.

The access layer switches in the network are HP Procurve 2650s; these are connected to Cisco 4506 Layer 3 switches.

Any suggestions gratefully appreciated.

TIA

Richard

andreas.larsen@... Thu, 02/08/2007 - 05:47

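Do a route map and force them to route to your firewall. With something like this:

route-map GuestVlan2Internet permit 10
 ! match ip address takes an ACL number or name (one matching the guest VLAN traffic)
 match ip address <guest-acl>
 ! next hop is the firewall's address
 set ip next-hop x.x.x.x

Please rate if you find it useful.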

Correct Answer
andreas.larsen@... Thu, 02/08/2007 - 05:59

Well, the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch - Router - FW.

And you do the route-map in the router; that means that the only way out from the VLAN is via the firewall.

Hope that clears it up.
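The route-map approach from the answer above, written out as a full Cisco IOS configuration fragment. This is an added example, not part of the original posts; the VLAN number, ACL name, guest subnet and firewall address are constructed placeholders.

```cisco
! Constructed values (assumptions, replace with your own):
!   guest VLAN 99, guest subnet 192.168.99.0/24
!   firewall inside address 192.168.254.2 on a directly connected transit subnet
!
! 1. ACL that selects everything sourced from the guest subnet.
ip access-list extended GUEST-VLAN-TRAFFIC
 permit ip 192.168.99.0 0.0.0.255 any
!
! 2. Route-map from the thread: matched traffic is handed to the firewall
!    instead of being forwarded by the normal routing table.
route-map GuestVlan2Internet permit 10
 match ip address GUEST-VLAN-TRAFFIC
 set ip next-hop 192.168.254.2
!
! 3. Apply the policy on the Layer 3 interface where guest traffic
!    enters the router (the guest VLAN interface on the Layer 3 switch).
interface Vlan99
 description Guest wireless
 ip address 192.168.99.1 255.255.255.0
 ip policy route-map GuestVlan2Internet
!
! Verification from exec mode:
!   show route-map GuestVlan2Internet   (policy-routing match counters)
!   show ip policy                      (interface to route-map binding)
```

Policy routing only affects packets arriving on the interface that carries `ip policy route-map`, and if the configured next hop is unreachable IOS forwards the packet using the normal routing table. An inbound ACL on the guest interface that denies the internal address ranges covers that fallback case.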

richardwhit Thu, 02/08/2007 - 06:35

Sorry, your understanding of the topology is correct, I was just being a bit dumb :)

I'll try this out. Thanks for your help.
