Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
3
Replies

Secure private network from public with cisco 4402 controller

glynncounty
Level 1
Level 1

‎01-11-2008 06:35 AM - edited ‎03-03-2019 08:14 PM

I am trying to create a public ssid that goes straight to our pix 501 and out the cable modem without any access to our internal network.

Is this something I can do with an access control list on the 4402 so I can have an address in the say 192.168.1.0 network go straight to our pix and cable modem at say 10.24.16.254 255.0.0.0 ?

Or is this something I should do on the core router?

Any help would be greatly appreciated i am brand new to ACL's..

Labels:
0 Helpful
3 Replies 3

keegan.holley
Level 1
Level 1

‎01-12-2008 05:00 PM

This is usualy done on the wired network. The ssid's are dumped into vlans with some device doing intervlan routing. You can create acl's on the intervlan device to control network access.

HTH,

Keegan

0 Helpful

Robert Rowland III
Level 1
Level 1

‎01-14-2008 04:27 AM

You could configure the PUBLIC ssid to use address space in the 10.1.1.0 network as seen in this link http://www.cisco.com/warp/public/110/19b.html but you would still have to vlan the wlc over to that area ( normally the 10.1.1.0/24 would use a point to point link w/30 but a /24 between pix and router is "ok" ) and then you would issue ip addresses from the 10.1.1.0 scope to your PUBLIC users.

Make sure Router B does not route 10.1.1.0 internally and you would be good to go.

Or ...

Replace that 501 with a ASA 5505 and you have oodles of options including support for vlan/sub-interfaces ( 501 reaches end of support next year). Then you could trunk a vlan from wlc through switch and router and terminate it(default gw) in the ASA. You could even use address space not in use elsewhere with your network to secure it even more so. You can do this with the BASE version of the 5505.

Look at figure 4.1 and substitute the word "HOME" with "PUBLIC" and you will see your network -

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html#wpxref44915

Email me if you want more info.

0 Helpful

glynncounty
Level 1
Level 1
In response to Robert Rowland III

‎01-14-2008 07:23 AM

Okay not a problem being able to use use a certain DHCP scope like 10.1.1.0 network.

I am confused on what you mean by, "but you would still have to valn the wlc over to that area".

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card