3750 Switch - Routing Guest WLAN to it's own Internet Access

Unanswered Question
May 14th, 2010
User Badges:

Looking for some suggestions.  We have a stack of 3750 switches, a 4400 series wireless controller, and a seperate physical internet circuit (dsl) at one of our locations.


Our employee wireless network works great and internet access is provided through our MPLS cloud.


We are looking to deploy a guest wireless network.  The setup of this is fine.  My question is how would I route the traffic from the guest VLAN directly to the internet circuit at this site, through the 3750 switch.  Is this possible or would we have to purchase a firewall?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Scott,


You could purchase a firewall - but generally guest WLAN's are unsecure and no-one really cares.  The only thing you want to do is protect your internal network from the Guest WLAN.


What I would do is just write an ACL in the controller - the ACL would limit what Guest WLAN traffic could do:-


Allow ICMP echo & echo-reply only

Allow DNS

Deny any other 1918 traffic to/from the Guest WLAN

Allow everything else.


Create a specific VLAN just for the Guest WLAN, trunk this to the ADSL router, then it's all good.


HTH>

Actions

This Discussion

Related Content