Securing Guest Wlan

Unanswered Question
Oct 3rd, 2007

I am trying to set up a WLAN with internal users and guest users.

I have 2 ssid's one visible one hidden, the visible one is for guest use.

Problem is when I connect to the guest wlan and web auth, I can then ping and telnet to the rest of the corporate network. How do I stop this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 10/04/2007 - 10:36


Have you got separate vlans setup ie.

vlan 10 = users

vlan 11 = guest

You would then hand out different IP address ranges for each vlan eg.

vlan 10 =

vlan 11 =

Then you can either use a firewall or use access-lists on the vlan interfaces ie. suppose the coporate network was made up of subnets

Also assume you want to allow your guest users out to the Internet

access-list 101 deny ip

access-list 101 deny ip


int vlan 11

ip access-group 101 in

This would allow guest users on to access the Internet but not coporate LAN.



r.robins Fri, 10/05/2007 - 06:38

Thanks Jon,

Looks like this is one of two ways to go.

ACL's on the switch/Router or put the WLC onto a DMZ.

Second option just means we use a wlc for 4 AP's taht will provide the Guest access.

Not so bad as we have 4 in total.



This Discussion