Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
734
Views
0
Helpful
3
Replies

Cisco-Guest VLAN

raraya
Level 1
Level 1

‎01-05-2007 05:13 PM - edited ‎03-05-2019 01:37 PM

I have set this Cisco-Guest VLAN for consultants and visitors to access the internet only, however, when I test the connection it does not allow me to connect to the internet. I am not sure what else to check. I check the switch (catalyst Express 500) and when I have the device connected is the drop is up and green but I am not able to go out to the internet. If I changed the drop to the default VLAN all is well. Can anyone help? Thanks.

Rafael.

Labels:
0 Helpful
3 Replies 3

amit-singh
Level 8
Level 8

‎01-05-2007 09:07 PM

Rafael,

In order to have internet connectivity on your guest-vlan, you have to make sure that this subnet is being routed on the device where internet is terminating. I.e you have to route this vlan on your Layer3 device and then NAT on your router where the internet is connected.

Please let us know your network connectitvity and we will help you design this.

HTH,

-amit singh

0 Helpful

raraya
Level 1
Level 1
In response to amit-singh

‎01-08-2007 10:21 AM

I have an 1841 router receiving the internet connection. Then the router connects to an ASA 5510 which in turn connects to an 2811 router where all the point-to-point T1s come in. From there the T1 to this branch connects to a CSU/DSU, connecting to a 2620 switch. Then I have a cisco catalyst 500 switch where I created this Guest Vlan. I hope I have not muddied the waters here. Let me know if this needs clarification.

Rafael.

0 Helpful

amit-singh
Level 8
Level 8
In response to raraya

‎01-08-2007 10:34 AM

Rafael,

As I dont have have the complete picture of you network but as per the discription above, I think that following things will work.

Make sure that your guest-vlan is routable at the branch office i.e your inter-vlan routing is working for the vlan. Then setup the PBR i.e policy based routing at the 2620 to direct the traffic from the guest-vlan to ASA directly.To do this setup ASA's Ip as the next hop IP on the router and then point a static route to reach ASA on 2620 router.Point a static route on ASA for guest-vlan for the retuen traffic from ASA to the router 2620.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm

HTH,

-amit singh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card