Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless vlan security help

I set up a second ssid and vlan for guests. The native and original vlan is in place and requires WEP. I set the second vlan to broadcast the SSID and have no encryption. I have clients connect, and almost have everything done. The only thing I cant figure out is how to isolate the traffic from the second vlan to the first. I have the second vlan set up so that the users cannot see anything on the native vlan, but I can ping the servers by IP address and if I try to connect from the second vlan to the first, it lets me with a valid username and password. This tells me that if a guest comes in, and has a virus, that computer can maybe infect computers on the native vlan. How can i truly isolate the traffic from one vlan and have it access only the default gateway?

Hall of Fame Super Silver

Re: Wireless vlan security help

Don't route the guest vlan and or place acl on the l3 to deny traffic from the guest subnet..

*** Please rate helpful posts ***
New Member

Re: Wireless vlan security help

I need to route the guest vlan to the default gateway. I have multiple access points, so i need to route the guest vlan on the L3 interfaces. I have the route statement added for the guest vlan network addresses pointing to the default gateway, but if i try to connect using the native vlan IP address, i can get to stuff.