cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
461
Views
0
Helpful
4
Replies

Locking down guest wireless network

Colin Higgins
Level 2
Level 2

I have a Cisco 5508 WLC with a guest network set up on it. The WLAN uses local authentication and grants access through an ASA to the Internet.

 

I just found out that the customer now wants to limit where wireless clients can go on the Internet by URL, etc. Since the wireless clients have to use the WLC as a proxy in order to join the network, I am not sure the best way to accomplish this.

 

How is this typically done in a reasonable and economical manner?

4 Replies 4

jmeachum
Level 1
Level 1

You will need a content filter.  If there is not too many users/bandwidth then you could use a Meraki MX60 ($495 list) or MX80 ($1995) to filter the traffic.

Since the wireless users have to use the WLC for a proxy, how would the Meraki filter URLs?

 

Can it do wccp? Some kind of transparent proxy function?

The WLC only does the proxy for the Web-auth, after the user has successfully authenticated there is no more proxy.  Be careful when setting up web filtering for Web-auth if the web page the station is trying to hit can not be resolved by DNS then the Web-auth page will fail to come up.

I hope this helps.

John

abwahid
Level 4
Level 4

Hi,

For this case we have option  CPU ACLs

this feature were introduced with WLC firmware release 4.0.

Go through below link for further configuration detail.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html#cpuacl

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: