Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Guest Wireless Setup

Is there an example that somebody can give me to setup a guest wireless network that only has access to the internet through a vlan that does not use a wireless controller? I am looking for any suggestions.

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Guest Wireless Setup

Here is an example using ACL's to create a guest network. This prevents internal users from accessing internal private addresses and allows them to the internet.

interface Vlan199

description Guest

ip address 10.97.199.1 255.255.255.0

ip access-group 199 in

ip helper-address 10.xx

ip helper-address 10.xx

access-list 199 permit eigrp any any

access-list 199 permit udp any any eq bootps

access-list 199 deny ip any 10.0.0.0 0.255.255.255

access-list 199 deny ip any 172.16.0.0 0.15.255.255

access-list 199 deny ip any 192.168.0.0 0.0.255.255

access-list 199 permit ip any any

3 REPLIES

Re: Guest Wireless Setup

We use VRF on our 6500's, combined with WiSM's (in the 6500's), to shunt guest network traffic straight out to the inTARwebs. The Guest network definition on the WiSM is a different VLAN than the private network.

Community Member

Re: Guest Wireless Setup

I have a 1231 AP connected to a 2960 switch which is connected to a 2811 router. I am using RADIUS to authenicate the users on the AD controller. I do not have a 6500 switch

Thank you

Community Member

Re: Guest Wireless Setup

Here is an example using ACL's to create a guest network. This prevents internal users from accessing internal private addresses and allows them to the internet.

interface Vlan199

description Guest

ip address 10.97.199.1 255.255.255.0

ip access-group 199 in

ip helper-address 10.xx

ip helper-address 10.xx

access-list 199 permit eigrp any any

access-list 199 permit udp any any eq bootps

access-list 199 deny ip any 10.0.0.0 0.255.255.255

access-list 199 deny ip any 172.16.0.0 0.15.255.255

access-list 199 deny ip any 192.168.0.0 0.0.255.255

access-list 199 permit ip any any

404
Views
0
Helpful
3
Replies
CreatePlease to create content