Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Guest Network Routing Isssue

I want to setup a guest wireless network at a remote site(RS).  RS is a node part of an MPLS network running BGP and receiving a default route for all internet bound traffic towards the datacenter (DC).  I understand that I could create multiple SSIDs and VLANs at RS and segregate Corporate and Guest traffic.   But what is unclear to me is how to isolate the Guest Network (GN) from accessing Corporate Network (CN) at the DC.  Since the GN is on a separate VLAN it is unable to reach any hosts on the CN on the local LAN, but how can I limit it to only head towrads the internet router for outside access at the DC?

Regards,

Abbas

  • Getting Started with Wireless
6 REPLIES
Hall of Fame Super Silver

Re: Guest Network Routing Isssue

You might be talking about using a guest anchor WLC. With a guest anchor in the DMZ, you can have all guest traffic tunnel
Back to that guest WLC and place the traffic direct to a subnet in the DMZ.

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
Hall of Fame Super Silver

Re: Guest Network Routing Isssue

Here is an older doc, but give you an idea of guest anchoring

http://www.cisco.com/c/en/us/td/docs/wireless/technology/guest_access/technical/reference/4-1/GAccess_41.html

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Guest Network Routing Isssue

Thank you.  I will read through it but is there a way to do this with an autonomous AP and access lists?

Hall of Fame Super Silver

Re: Guest Network Routing Isssue

Ah... Nope:). Why not use VRF's and place guest on a Vlan that is Uses VRF's to isolate traffic back to your DMZ.

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Guest Network Routing Isssue

I thought about that but I don't think MPLS (ISP) provider will allow me to mess around with multiple VRFs.  The other thing i thought about was to just get a dedicated internet connection (DSL, Comcast) at the RS and route Guest on it. This would be simpler but adds to the operational costs.

Hall of Fame Super Silver

Re: Guest Network Routing Isssue

Well you can convert the AP's to lightweight and get like a 2504. You can put the AP in FlexConnect and centrally switch the guest back to the DC. The 2504 is a low end WLC that can support up to 75 access points.

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
113
Views
0
Helpful
6
Replies