cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
0
Helpful
1
Replies

How to accomplish this scenario?

ryan
Level 1
Level 1

I have 2 1130AG access points. In the end i want two SSID's, one for guest users and one for employees. The guest SSID should only allow http traffic. 1 AP has already been set up with one SSID that accomplishes the employee role. It uses 802.11x auth using a radius server. How do I set up this scenario for my office coverage? Do i create multiple SSID's on 1 AP (one for guest one for employees) and then duplicate it on the other AP? How do i restrict the guest SSID to only allow http traffic?

1 Reply 1

chris-marshall
Level 1
Level 1

The most secure method would be to create two vlans, one for your employee traffic, one for your guest traffic. Place an ACL on the vlan interface for your guest traffic limiting the traffic to HTTP traffic (And also considering limiting the hosts they can actually touch. You don't want a guest finding an unpatched http server in your network and using that as an attack vector for the rest of your network). Then set up a trunk port, hang your aps off that. Set your employee SSID and vlan up as the native vlan. Set the guest ssid up to use the guest/restricted vlan.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: