Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restrict Wireless Guest Internet Access

I am implementing a wireless guest solution for Internet access. I would like to restrict these users to Internet access only. I undestand the concept of configuring a seperate vlan for them but how can I restrict them to Internet only. I also have remote campuses that I would like to setup as well. I have an ASA 5520 for my firewall and am using metro ethernet from the main campus to the remote campuses. Thanks for any help.

3 REPLIES
New Member

Re: Restrict Wireless Guest Internet Access

Hello,

I have found the simplest way of doing this is to apply an access list to the radio sub-interface for the vsitor vlan.

Set the access-list to allow any dhcp requests, deny any to a private network and permit any.

You could do it back at the ASA but there is a chance of the traffic getting onto the network first.

HTH.

Andy.

New Member

Re: Restrict Wireless Guest Internet Access

Thanks for the reply. What if the AP is not Cisco? Currently we have a 3rd party providing the Guest access.

New Member

Re: Restrict Wireless Guest Internet Access

Hello,

If the AP is only providing the guest ssid and no other you can apply the access-list at the switch.

It depends on the switch as to where you have to apply the acl. Either vlan int or physical int.

HTH.

389
Views
5
Helpful
3
Replies
CreatePlease to create content