Cisco Support Community

New Member

How to accomplish this scenario?

I have 2 1130AG access points. In the end I want two SSIDs, one for guest users and one for employees. The guest SSID should only allow HTTP traffic. 1 AP has already been set up with one SSID that accomplishes the employee role. It uses 802.11x auth using a RADIUS server. How do I set up this scenario for my office coverage? Do I create multiple SSIDs on 1 AP (one for guest, one for employees) and then duplicate it on the other AP? How do I restrict the guest SSID to only allow HTTP traffic?

New Member

Re: How to accomplish this scenario?

The most secure method would be to create two VLANs, one for your employee traffic, one for your guest traffic. Place an ACL on the VLAN interface for your guest traffic limiting the traffic to HTTP traffic (and also consider limiting the hosts they can actually touch; you don't want a guest finding an unpatched HTTP server in your network and using that as an attack vector for the rest of your network). Then set up a trunk port, hang your APs off that. Set your employee SSID and VLAN up as the native VLAN. Set the guest SSID up to use the guest/restricted VLAN.
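
The design described in the reply above, written out as Cisco IOS configuration. This is an added example, not part of the original thread: the VLAN IDs, SSID names, addresses, DNS server and switch port are constructed, and permitting DHCP and DNS for guests is an assumption.

```cisco
! Layer 3 switch. Constructed values: VLAN 10 = employee (native), VLAN 20 = guest.
vlan 10,20
ip access-list extended GUEST-HTTP-ONLY
 remark Assumption: DHCP and DNS allowed so guest clients can reach HTTP at all
 permit udp any eq bootpc any eq bootps
 permit udp any host 192.0.2.53 eq domain
 remark Keep guests away from internal hosts before allowing HTTP
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit tcp any any eq www
 deny   ip any any log
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip access-group GUEST-HTTP-ONLY in
!
! Trunk to each AP (repeat on the second AP's port).
! The encapsulation line is only accepted on switches that also support ISL.
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
!
! Each 1130AG (autonomous IOS); identical on both APs.
! The employee SSID's existing authentication/encryption lines are not shown.
dot11 ssid EMPLOYEE
 vlan 10
dot11 ssid GUEST
 vlan 20
 authentication open
 mbssid guest-mode
interface Dot11Radio0
 mbssid
 ssid EMPLOYEE
 ssid GUEST
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface FastEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
```

The 1130AG's second radio (Dot11Radio1) needs the same SSID and subinterface lines if both bands should carry the two SSIDs. The final `deny ip any any log` entry records anything a guest attempts beyond the permitted traffic.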
