Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest VLAN

Hi,

I need to allow guests to access our wireless infrastructure. My initial thoughts about how to enable this involve setting up a guest VLAN associate with an additional SSID.

My question is how do I ensure that traffic from this guest VLAN is only allowed to the internet and prevented from reaching anywhere else? Is using ACL's a feasible method or would another solution be better? I don't have the budget to purchase a solution such as an access control server for this.

The access layer switches in the network are HP Procurve 2650's, these are connected to Cisco 4506 Layer 3 switches.

Any suggestions gratefully appreciated.

TIA

Richard

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Guest VLAN

Well the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch-Router-FW

And you do route-map in the router that means that the only way out from the VLAN is via the firewall.

Hope that clears it up.

4 REPLIES
New Member

Re: Guest VLAN

Do a route map and force them to route to your firewall . With something like this.

route-map GuestVlan2Internet permit 10

match ip address x.x.x.x

set ip next-hop x.x.x.x

Please rate if you find it usefull.

New Member

Re: Guest VLAN

Thanks for the response.

Is that set on the access point?

New Member

Re: Guest VLAN

Well the AP can't really do route-maps as far as I know. I might have misunderstood you. This requires you to have AP - Switch-Router-FW

And you do route-map in the router that means that the only way out from the VLAN is via the firewall.

Hope that clears it up.

New Member

Re: Guest VLAN

Sorry, your understanding of the topology is correct, I was just being a bit dumb :)

I'll try this out. Thanks for your help.

291
Views
0
Helpful
4
Replies