Restrict Wireless Guest Internet Access

Unanswered Question
Nov 29th, 2007

I am implementing a wireless guest solution for Internet access. I would like to restrict these users to Internet access only. I understand the concept of configuring a separate vlan for them, but how can I restrict them to Internet only? I also have remote campuses that I would like to set up as well. I have an ASA 5520 for my firewall and am using metro ethernet from the main campus to the remote campuses. Thanks for any help.

Overall Rating: 5 (1 ratings)
andyjames Fri, 11/30/2007 - 07:11

I have found the simplest way of doing this is to apply an access list to the radio sub-interface for the visitor vlan.

Set the access-list to allow any dhcp requests, deny any to a private network and permit any.

You could do it back at the ASA but there is a chance of the traffic getting onto the network first.
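The three-rule access list described in the reply above, written out as an added example (not part of the original post). The ACL name, VLAN 20 and the interface name are hypothetical, and "private network" is assumed here to mean the RFC 1918 ranges.

```cisco
! Added example, not from the original thread. The ACL name, VLAN ID (20)
! and interface name are assumptions; adjust them to the real guest VLAN.
ip access-list extended GUEST-INTERNET-ONLY
 remark 1. Allow DHCP first, so renewals sent unicast to a DHCP server
 remark    on a private address are not caught by the deny lines below
 permit udp any eq bootpc any eq bootps
 remark 2. Deny anything destined to private (RFC 1918) address space
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark 3. Everything else is Internet-bound and is allowed
 permit ip any any
!
! Applied inbound on the guest radio sub-interface, so guest traffic is
! filtered at the AP before it reaches the wired network.
interface Dot11Radio0.20
 ip access-group GUEST-INTERNET-ONLY in
```

Order matters because the list is evaluated top-down and the first match wins. If guests are handed a DNS server on a private address, that server needs its own permit line above the deny entries.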



gbarden Fri, 11/30/2007 - 12:53

Thanks for the reply. What if the AP is not Cisco? Currently we have a 3rd party providing the Guest access.

andyjames Mon, 12/03/2007 - 02:18

If the AP is only providing the guest ssid and no other you can apply the access-list at the switch.

It depends on the switch as to where you have to apply the acl. Either vlan int or physical int.


