Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Public Access Point Recommendation?

A business client wants to provide wireless Internet access to visitors, but wants to be sure that no visitors can access any resources on his LAN. Being new to Cisco, I want to know whether the Aironet 1100 or 1200 include everything we'll need to set this up? If not, what else is required and why?

The existing LAN is pretty straightforward. 10 clients behind a non-Cisco firewall. Fewer than 25 wireless guests will be present at a time in a small area.

I just want to be sure than no wireless clients can access anything else on the LAN / WLAN. They should have Internet access only. I can do this easily with a competing product, but figured this would be a good project to try out Cisco.

Any advice or reading recommendations?



Re: Public Access Point Recommendation?

Re: Public Access Point Recommendation?

How exactly you do it will be your choice, but the AP1200 is very well suited for this type of application for sure. It will handle multiple radio's at once if desired and it will do dot1q trunking back to your switches. You could then put all guest traffic on one VLAN and ideally put them into a DMZ on the firewall by having it participate in this VLAN (either via trunking or another ethernet port). The 1200 is quite flexible in these respects.

New Member

Re: Public Access Point Recommendation?

Thanks for your response Craig. It sounds like the AP1200 can't provide the secure guest services alone, though. No matter what, I'm going to have to buy at least one other Cisco component in order to support dot1q trunking or VLANs, right? I was hoping that I could install an AP1200 without having to change any of their existing non-Cisco equipment.

At present, I believe a standalone AP1200 doesn't include a mechanism to limit wireless traffic to the gateway. I also believe that feature is the only one necessary to protect the LAN from potentially dangerous wireless guest traffic. I'd like to know if anyone has a different opinion. Thanks again.

CreatePlease to create content