Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
851
Views
0
Helpful
4
Replies

Guest VLAN

Go to solution
richardwhit
Level 1
Level 1

‎02-08-2007 05:36 AM - edited ‎03-05-2019 02:14 PM

Hi,

I need to allow guests to access our wireless infrastructure. My initial thoughts about how to enable this involve setting up a guest VLAN associate with an additional SSID.

My question is how do I ensure that traffic from this guest VLAN is only allowed to the internet and prevented from reaching anywhere else? Is using ACL's a feasible method or would another solution be better? I don't have the budget to purchase a solution such as an access control server for this.

The access layer switches in the network are HP Procurve 2650's, these are connected to Cisco 4506 Layer 3 switches.

Any suggestions gratefully appreciated.

TIA

Richard

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andreas.larsen
Level 1
Level 1
In response to richardwhit

‎02-08-2007 05:59 AM

Well the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch-Router-FW

And you do route-map in the router that means that the only way out from the VLAN is via the firewall.

Hope that clears it up.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
andreas.larsen
Level 1
Level 1

‎02-08-2007 05:47 AM

Do a route map and force them to route to your firewall . With something like this.

route-map GuestVlan2Internet permit 10

match ip address x.x.x.x

set ip next-hop x.x.x.x

Please rate if you find it usefull.

0 Helpful

Go to solution
richardwhit
Level 1
Level 1
In response to andreas.larsen

‎02-08-2007 05:57 AM

Thanks for the response.

Is that set on the access point?

0 Helpful

Go to solution
andreas.larsen
Level 1
Level 1
In response to richardwhit

‎02-08-2007 05:59 AM

Well the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch-Router-FW

And you do route-map in the router that means that the only way out from the VLAN is via the firewall.

Hope that clears it up.

0 Helpful

Go to solution
richardwhit
Level 1
Level 1
In response to andreas.larsen

‎02-08-2007 06:35 AM

Sorry, your understanding of the topology is correct, I was just being a bit dumb :)

I'll try this out. Thanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card