Setting up guest acount to only go to the internet.

Unanswered Question

I'm a bit new to the ESW 520 Switch but I am trying to set up a port that will be hooked up to an Access Point & I only want it to connect to the Internet & be isolated from the rest of the network. I know I have to have two differant VLANs to make this happen but from there I can not find any other information. I am using the Cisco WAP 4410N Access Point. Where can I go to direct this one port to the internet only?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
alissitz Mon, 05/17/2010 - 11:58
User Badges:
  • Silver, 250 points or more

What type of router are you using?  Can it support VRFs or multiple VLANs?   VRFs can also be used to segregate trafffic inside your network, however you will need multiple internet drops for this.  Using VRFs is a great way to separate your guest network within another network.

On your switch and router, you can create a guest vlan, and map it to a SSID on the AP.  Then users who connect to this SSID will also be mapped to this VLAN.

If you have a single internet connection, then you will need to create ACLs which prohibit this guest vlan from being routed back into and able to talk to your corp vlan.  ACLs can accomplish this

For how-to help, please consult the config guides.


Andrew Lissitz