Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
648
Views
5
Helpful
3
Replies

Restrict Wireless Guest Internet Access

gbarden
Level 1
Level 1

‎11-29-2007 11:34 AM - edited ‎07-03-2021 03:01 PM

I am implementing a wireless guest solution for Internet access. I would like to restrict these users to Internet access only. I undestand the concept of configuring a seperate vlan for them but how can I restrict them to Internet only. I also have remote campuses that I would like to setup as well. I have an ASA 5520 for my firewall and am using metro ethernet from the main campus to the remote campuses. Thanks for any help.

Labels:
0 Helpful
3 Replies 3

andyjames
Level 1
Level 1

‎11-30-2007 07:11 AM

Hello,

I have found the simplest way of doing this is to apply an access list to the radio sub-interface for the vsitor vlan.

Set the access-list to allow any dhcp requests, deny any to a private network and permit any.

You could do it back at the ASA but there is a chance of the traffic getting onto the network first.

HTH.

Andy.

gbarden
Level 1
Level 1
In response to andyjames

‎11-30-2007 12:53 PM

Thanks for the reply. What if the AP is not Cisco? Currently we have a 3rd party providing the Guest access.

0 Helpful

andyjames
Level 1
Level 1
In response to gbarden

‎12-03-2007 02:18 AM

Hello,

If the AP is only providing the guest ssid and no other you can apply the access-list at the switch.

It depends on the switch as to where you have to apply the acl. Either vlan int or physical int.

HTH.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card