11-29-2007 11:34 AM - edited 07-03-2021 03:01 PM
I am implementing a wireless guest solution for Internet access. I would like to restrict these users to Internet access only. I understand the concept of configuring a separate VLAN for them, but how can I restrict them to Internet only? I also have remote campuses that I would like to set up as well. I have an ASA 5520 for my firewall and am using metro Ethernet from the main campus to the remote campuses. Thanks for any help.
11-30-2007 07:11 AM
Hello,
I have found the simplest way of doing this is to apply an access list to the radio sub-interface for the visitor VLAN.
Set the access-list to allow any dhcp requests, deny any to a private network and permit any.
You could do it back at the ASA but there is a chance of the traffic getting onto the network first.
HTH.
Andy.
11-30-2007 12:53 PM
Thanks for the reply. What if the AP is not Cisco? Currently we have a 3rd party providing the Guest access.
12-03-2007 02:18 AM
Hello,
If the AP is only providing the guest SSID and no other, you can apply the access-list at the switch.
It depends on the switch as to where you have to apply the ACL. Either VLAN int or physical int.
HTH.
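
The access list described in the replies above (allow DHCP, deny anything to a private network, permit the rest), written out for the switch VLAN interface case. This is an added example, not part of the original posts; the ACL name, VLAN 50 and the use of the RFC 1918 ranges as "private network" are assumptions.

```cisco
! Added example. GUEST-INTERNET-ONLY and Vlan50 are assumed names.
ip access-list extended GUEST-INTERNET-ONLY
 ! 1. Let guest clients obtain an address (DHCP client port 68 -> server port 67)
 permit udp any eq bootpc any eq bootps
 ! 2. Block guest traffic to internal address space (RFC 1918 ranges assumed)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 ! 3. Everything else is Internet-bound and allowed
 permit ip any any
!
! Applied inbound, so guest packets are filtered as they enter the
! guest VLAN's routed interface and before they are routed anywhere else.
interface Vlan50
 description Guest wireless (assumed VLAN ID)
 ip access-group GUEST-INTERNET-ONLY in
```

Order matters: the DHCP permit has to precede the deny lines, and if guests are handed a DNS server inside one of the denied ranges, a permit for UDP/TCP port 53 to that server also has to go above the denies.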