Cisco Support Community
Community Member

Secure Guest Access with 5508 controller

Hi there,

Could someone point me in the right direction with regards to the following?

I have a requirement to set up a guest SSID for contractors so that they can use the internet while in the office.

Security say that all traffic on this SSID should be isolated and directed straight to the firewall, with no chance of contamination into the company network infrastructure.

With the 5508, my understanding is that setting up the built-in guest account functionality will achieve this, but all traffic would end up at the wireless controller. How do I then put a direct forward for all traffic to the firewall which will only affect the guest traffic?

Any help would be welcomed with delight and joy!!!

Andy

Accepted Solutions

Re: Secure Guest Access with 5508 controller

1. Drop the traffic at the WLC, apply ACL

2. Anchor the traffic to the DMZ

3. Take one of the ports from the WLC and plug it into the FW

DONE...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
7 REPLIES
Cisco Employee

Secure Guest Access with 5508 controller

Configure an ACL on the router of the ACL for that Guest VLAN so that the Guest VLAN can only go out directly to the internet and not communicate with any other VLAN.

Regards

Surendra
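
Added example, not written by any poster in this thread: a small checker for the kind of guest-VLAN ACL described in the reply above, walking IOS-style `ip` lines with first-match semantics and reporting which internal prefixes the guest subnet can still reach. The guest subnet, the internal prefixes and both ACLs are constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed values (assumptions, not from the thread).
GUEST = net("192.168.100.0/24")
INTERNAL = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]
INTERNET = [net("198.51.100.0/24")]  # documentation range standing in for the internet
WEAK_ACL = """\
deny ip any 10.0.0.0 0.255.255.255
permit ip 192.168.100.0 0.0.0.255 any
"""
FIXED_ACL = """\
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip 192.168.100.0 0.0.0.255 any
"""

def _take(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return net("0.0.0.0/0")
    if first == "host":
        return net(tokens.pop(0) + "/32")
    return net(f"{first}/{tokens.pop(0)}")  # ipaddress accepts wildcard (host) masks

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines; other line types are ignored here."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] in (["permit", "ip"], ["deny", "ip"]):
            rest = tok[2:]
            rules.append((tok[0], _take(rest), _take(rest)))
    return rules

def reachable(rules, guest, dsts):
    """Prefixes in dsts that guest can reach, at least in part. First match wins;
    falling off the end is the implicit deny. Partial denies are skipped, so the
    result is conservative (it may over-report, never under-report)."""
    found = []
    for dst in dsts:
        for action, src_net, dst_net in rules:
            if not (src_net.overlaps(guest) and dst_net.overlaps(dst)):
                continue
            if action == "permit":
                found.append(dst)
                break
            if guest.subnet_of(src_net) and dst.subnet_of(dst_net):
                break  # fully denied before any permit matched
    return found
```

Running `reachable(parse_acl(WEAK_ACL), GUEST, INTERNAL)` flags the two private ranges the weak ACL forgot to deny before its broad permit.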

Community Member

Re: Secure Guest Access with 5508 controller

The best way to accomplish this would be to have your internal controller anchor to another controller located in your DMZ. This would allow you to choose whatever SSID you want and have its traffic virtually terminate outside of your trusted network. If clients attached to this SSID needed access to internal resources they could use a VPN to come back in.

Sent from Cisco Technical Support iPad App

Community Member

Re: Secure Guest Access with 5508 controller

to George Stefanick

Could you provide the URL of documentation on how to implement the third solution -

Take one of the ports from the WLC and plug it into the FW,

especially the configuration of the WLC.

Silver

Re: Secure Guest Access with 5508 controller

There is no documentation for that, most don't do it and I've seen it not recommended before.

Anyways, all you do is set up a dynamic interface and select port 8 for example and plug that into your DMZ network or FW interface directly. This will only work if you are not doing LAG on the 5508.

Re: Secure Guest Access with 5508 controller

As Blake pointed out, it's not supported, but it works. I have a customer set up like this and they are running fine.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Hall of Fame Super Silver

Re: Secure Guest Access with 5508 controller

I too have customers set up this way with no issues. I don't know why it wouldn't be supported... It was supported on the 4400's and even on the 2504's. Oh well... It works fine.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***