How to accomplish this scenario?

Unanswered Question

I have 2 1130AG access points. In the end i want two SSID's, one for guest users and one for employees. The guest SSID should only allow http traffic. 1 AP has already been set up with one SSID that accomplishes the employee role. It uses 802.11x auth using a radius server. How do I set up this scenario for my office coverage? Do i create multiple SSID's on 1 AP (one for guest one for employees) and then duplicate it on the other AP? How do i restrict the guest SSID to only allow http traffic?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
chris-marshall Thu, 08/16/2007 - 05:09
User Badges:

The most secure method would be to create two vlans, one for your employee traffic, one for your guest traffic. Place an ACL on the vlan interface for your guest traffic limiting the traffic to HTTP traffic (And also considering limiting the hosts they can actually touch. You don't want a guest finding an unpatched http server in your network and using that as an attack vector for the rest of your network). Then set up a trunk port, hang your aps off that. Set your employee SSID and vlan up as the native vlan. Set the guest ssid up to use the guest/restricted vlan.


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode