ACL on 5508 for Guest WLAN

Unanswered Question
Feb 2nd, 2010

I am trying to create an ACL on a 5508 for the guest WLAN so it won't be able to access internal networks, such as 172.16.0.0 255.255.0.0 and 10.0.0.0 255.0.0.0.  But, the traffic does have to go through these networks to get to the internet.  I have tried to create the ACL a couple of ways but any time I add a deny statement for the networks I get no Internet access.


I spoke with Cisco Support and was told I would need to have explicit deny statements for nodes we don't want the guests to get to.  Is that true?


Thanks

dan.letkeman Wed, 03/03/2010 - 09:17

What I did was trunk a vlan from the WLC to my Firewall router and did all of the ACL stuff on there instead.  That way the traffic doesn't need to route through your network, just pass through.


Guest SSID ---- WLC ---- vlan 700 trunk ---- ROUTER w/ ACL denying access to 172.16.0.0/16 etc....
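
An added example (not part of the thread, and not Cisco syntax): a first-match model of the kind of router ACL sketched in the reply above, plus an audit for deny rules that an earlier permit makes unreachable. Only 172.16.0.0/16 and 10.0.0.0/8 come from the thread; the guest subnet 192.168.70.0/24 and the function names are assumptions.

```python
import ipaddress

# Constructed rule set modelled on the reply's diagram: an ACL applied on the
# router interface facing the guest VLAN. The guest subnet is an assumption.
GUEST_NET = ipaddress.ip_network("192.168.70.0/24")

# (action, source network, destination network), evaluated top to bottom.
RULES = [
    ("deny", GUEST_NET, ipaddress.ip_network("172.16.0.0/16")),
    ("deny", GUEST_NET, ipaddress.ip_network("10.0.0.0/8")),
    ("permit", GUEST_NET, ipaddress.ip_network("0.0.0.0/0")),
]


def evaluate(src, dst, rules=RULES):
    """Return (action, rule_index) for the first rule matching the packet.

    Matching uses only the packet's source and destination addresses.
    Traffic that matches no rule falls through to the implicit deny.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, src_net, dst_net) in enumerate(rules):
        if s in src_net and d in dst_net:
            return action, i
    return "deny", None  # implicit deny at the end of the list


def audit(rules=RULES):
    """Return (deny_index, permit_index) pairs where an earlier permit
    fully covers a later deny, so the deny can never match."""
    shadowed = []
    for i, (action, src_net, dst_net) in enumerate(rules):
        if action != "deny":
            continue
        for j in range(i):
            prev_action, prev_src, prev_dst = rules[j]
            if (prev_action == "permit"
                    and src_net.subnet_of(prev_src)
                    and dst_net.subnet_of(prev_dst)):
                shadowed.append((i, j))
                break
    return shadowed


if __name__ == "__main__":
    for dst in ("10.1.2.3", "172.16.5.5", "203.0.113.10"):  # constructed test addresses
        print(dst, evaluate("192.168.70.25", dst))
    print("shadowed deny rules:", audit())
```
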
