Locking down guest wireless network

Unanswered Question
Jun 4th, 2014
User Badges:

I have a Cisco 5508 WLC with a guest network set up on it. The WLAN uses local authentication and grants access through an ASA to the Internet.

 

I just found out that the customer now wants to limit where wireless clients can go on the Internet by URL, etc. Since the wireless clients have to use the WLC as a proxy in order to join the network, I am not sure the best way to accomplish this.

 

How is this typically done in a reasonable and economical manner?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jmeachum Wed, 06/04/2014 - 18:54
User Badges:

You will need a content filter.  If there is not too many users/bandwidth then you could use a Meraki MX60 ($495 list) or MX80 ($1995) to filter the traffic.

Colin Higgins Wed, 06/04/2014 - 20:32
User Badges:

Since the wireless users have to use the WLC for a proxy, how would the Meraki filter URLs?

 

Can it do wccp? Some kind of transparent proxy function?

jmeachum Thu, 06/05/2014 - 05:25
User Badges:

The WLC only does the proxy for the Web-auth, after the user has successfully authenticated there is no more proxy.  Be careful when setting up web filtering for Web-auth if the web page the station is trying to hit can not be resolved by DNS then the Web-auth page will fail to come up.

I hope this helps.

John

Actions

This Discussion

 

 

Trending Topics - Security & Network