Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco-Guest VLAN

I have set this Cisco-Guest VLAN for consultants and visitors to access the internet only, however, when I test the connection it does not allow me to connect to the internet. I am not sure what else to check. I check the switch (catalyst Express 500) and when I have the device connected is the drop is up and green but I am not able to go out to the internet. If I changed the drop to the default VLAN all is well. Can anyone help? Thanks.

Rafael.

3 REPLIES

Re: Cisco-Guest VLAN

Rafael,

In order to have internet connectivity on your guest-vlan, you have to make sure that this subnet is being routed on the device where internet is terminating. I.e you have to route this vlan on your Layer3 device and then NAT on your router where the internet is connected.

Please let us know your network connectitvity and we will help you design this.

HTH,

-amit singh

New Member

Re: Cisco-Guest VLAN

I have an 1841 router receiving the internet connection. Then the router connects to an ASA 5510 which in turn connects to an 2811 router where all the point-to-point T1s come in. From there the T1 to this branch connects to a CSU/DSU, connecting to a 2620 switch. Then I have a cisco catalyst 500 switch where I created this Guest Vlan. I hope I have not muddied the waters here. Let me know if this needs clarification.

Rafael.

Re: Cisco-Guest VLAN

Rafael,

As I dont have have the complete picture of you network but as per the discription above, I think that following things will work.

Make sure that your guest-vlan is routable at the branch office i.e your inter-vlan routing is working for the vlan. Then setup the PBR i.e policy based routing at the 2620 to direct the traffic from the guest-vlan to ASA directly.To do this setup ASA's Ip as the next hop IP on the router and then point a static route to reach ASA on 2620 router.Point a static route on ASA for guest-vlan for the retuen traffic from ASA to the router 2620.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm

HTH,

-amit singh

417
Views
0
Helpful
3
Replies