Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

suggestions on creating 2nd network for guests

We would like to provide guests access to the Internet. The guests would need IP through DHCP and not have access to the LAN where servers reside, thus by default they would reside on a different subnet. We have a perimeter router, ASA firewall with DMZ, L2 and L3 switches.

Any suggestions would be appreciated on allowing guests to access the Internet, without access to servers.

Super Bronze

Re: suggestions on creating 2nd network for guests

Should be possible to provide separate internal subnets for guests for which you control access both in and out of. This generally isn't two difficult if you dedicate wired ports and/or wireless AP SSID for guests, can be become much more complex if you want to support dynamic wired port mapping and/or multiple AP SSID access.

At L2 guest subnet(s) would also usually map to guest VLAN(s). At L3 you can control access via ACLs and/or using VRFs.

New Member

Re: suggestions on creating 2nd network for guests

How to configure the firewall with multiple internal networks? We are using active directory for DHCP to hosts, can the ASA give DHCP address to the guest network?

Super Bronze

Re: suggestions on creating 2nd network for guests

I'm unfamilar with the capabilities of both AD DHCP and ASAs. If someone else doesn't post answers, you might post the ASA question on one of the security forums (e.g. Security - Firewalling). Cisco routers can usually also do DHCP, don't know what your other options are.

CreatePlease to create content