02-08-2007 05:36 AM - edited 03-05-2019 02:14 PM
Hi,
I need to allow guests to access our wireless infrastructure. My initial thoughts about how to enable this involve setting up a guest VLAN associated with an additional SSID.
My question is how do I ensure that traffic from this guest VLAN is only allowed to the internet and prevented from reaching anywhere else? Is using ACLs a feasible method or would another solution be better? I don't have the budget to purchase a solution such as an access control server for this.
The access layer switches in the network are HP ProCurve 2650s; these are connected to Cisco 4506 Layer 3 switches.
Any suggestions gratefully appreciated.
TIA
Richard
02-08-2007 05:47 AM
Do a route map and force them to route to your firewall, with something like this:
route-map GuestVlan2Internet permit 10
 match ip address x.x.x.x
 set ip next-hop x.x.x.x
Please rate if you find it useful.
02-08-2007 05:57 AM
Thanks for the response.
Is that set on the access point?
02-08-2007 05:59 AM
Well, the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch - Router - FW.
And you do the route-map in the router, which means that the only way out from the VLAN is via the firewall.
Hope that clears it up.
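The approach from this thread written out as a complete IOS configuration for the Layer 3 switch. This is an added example, not a configuration posted by anyone in the thread. The VLAN number, subnets, firewall address and the ACL names GUEST-SRC and GUEST-IN are constructed for illustration, and it assumes the guests' DNS resolvers are reached through the firewall.

```cisco
! Constructed values: guest VLAN 50 = 192.168.50.0/24, firewall inside
! interface = 10.0.99.2 on a directly connected transit VLAN.
!
! 1. "match ip address" takes an access list, not a bare address.
!    This one selects everything sourced from the guest subnet.
ip access-list extended GUEST-SRC
 permit ip 192.168.50.0 0.0.0.255 any
!
! 2. Policy route: packets matching GUEST-SRC are handed to the firewall
!    instead of being forwarded by the normal routing table.
route-map GuestVlan2Internet permit 10
 match ip address GUEST-SRC
 set ip next-hop 10.0.99.2
!
! 3. Inbound filter on the guest SVI. "set ip next-hop" is only used while
!    the next hop is reachable; otherwise the packet falls back to normal
!    routing. This ACL keeps guests out of internal (RFC 1918) ranges in
!    that case too. Inbound ACLs are evaluated before policy routing.
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
! 4. The route-map has no effect until it is applied to the interface
!    where guest traffic enters the router.
interface Vlan50
 ip address 192.168.50.1 255.255.255.0
 ip access-group GUEST-IN in
 ip policy route-map GuestVlan2Internet
```

`show ip policy` confirms the route-map is bound to the interface, and `show route-map GuestVlan2Internet` shows whether packets are matching.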
02-08-2007 06:35 AM
Sorry, your understanding of the topology is correct, I was just being a bit dumb :)
I'll try this out. Thanks for your help.