Could anyone please advise on a recommended way to do guest wireless design?
The requirement is to only allow Internet for guest users. The guest user VLAN is terminated on an L3 switch and the guest should not see LAN traffic or reach other VLANs on the same switch. I tried using a PBR for the guest user VLAN, setting the next hop as the firewall, but the users were still able to reach other LAN traffic.
The guest SSID is configured to use web authentication (user ID / password) using local user database on a 5500 series controller.
Whatever wireless config you have need not be changed!! You need to go for inter-VLAN routing to be tweaked!!
The VLAN that you're using for GUEST should not communicate with the rest of the VLANs and should allow just Internet traffic. This can be achieved by creating a 2-liner ACL denying traffic for the rest of the VLANs and allowing the protocols that you need!!
Just to add to this... you can, but if you have a layer 3 interface for your guest, you will need to create access lists. What you can also do is not create a layer 3 interface for your guest and then connect that VLAN into your DMZ, if you have a DMZ.
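The ACL approach described in the replies above, written out as an added example that was not posted by anyone in the thread. The VLAN number (50), the guest subnet (192.168.50.0/24) and the DHCP and DNS server addresses are constructed placeholders, and the internal networks are assumed to sit in RFC 1918 space.

```cisco
! Added example with constructed values: guest SVI = Vlan50,
! guest subnet = 192.168.50.0/24, DHCP server = 192.0.2.67 (placeholder),
! DNS resolver = 192.0.2.53 (placeholder). Adjust to the real addressing.
ip access-list extended GUEST-IN
 remark DHCP: client broadcasts, then unicast renewals or relayed requests
 permit udp any eq bootpc host 255.255.255.255 eq bootps
 permit udp 192.168.50.0 0.0.0.255 host 192.0.2.67 eq bootps
 remark DNS only to the resolver handed out to guests
 permit udp 192.168.50.0 0.0.0.255 host 192.0.2.53 eq domain
 permit tcp 192.168.50.0 0.0.0.255 host 192.0.2.53 eq domain
 remark Block every internal range (assumed RFC 1918), other VLANs included
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Whatever is left is Internet-bound; only guest source addresses pass
 permit ip 192.168.50.0 0.0.0.255 any
!
interface Vlan50
 description Guest wireless (constructed example)
 ip access-group GUEST-IN in
```

The DHCP and DNS permits have to come before the RFC 1918 denies because the list is evaluated top down, and `show ip access-lists GUEST-IN` shows per-line hit counters for confirming that guest traffic to internal ranges is matching the deny entries.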