We have a Catalyst 3750G switch with about 10 VLANs. Most of the VLANs have helper IPs to a DHCP server. We've just purchased two Cisco 2600 WAPs to include public access, and we want to connect them to their own VLAN and restrict access on some wireless devices (or some SSIDs) to NOT be able to reach devices on the other VLANs. If it's easier for now, we can restrict all wireless devices to their own VLAN and internet access only.
Is there a way to disable inter-VLAN routing for one VLAN only? I understand I will probably have to set up another DHCP server interface on that VLAN. Also, what about security and setting up a RADIUS server? It would be nice to use all the features the 2600s have.
Usually, to restrict inter-VLAN access you would use an access list (ACL) on the SVIs (Switched Virtual Interfaces), i.e. the "interface vlan " bit in your configuration.
You can allow DHCP through with an ACL to your current DHCP server and then block all other traffic. But it depends on where the internet access is, i.e. if to get to the internet you need to go via another VLAN, then you would need to allow that through as well.
If internet access was in the same VLAN and you created another DHCP server for that VLAN, then you could completely disable inter-VLAN routing by removing the SVI for that VLAN, and then the wireless clients would not be able to route to any other VLANs internally.
But usually DHCP and the physical internet access are not on the same VLAN as the wireless clients.
In terms of security, you may be better posting that part in the Wireless forums. You can use RADIUS to authenticate clients, but I haven't done that in a long time, so I'm not really up to date on that side of things.
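The ACL-on-SVI approach from the answer above, sketched as an added example that is not part of the original thread. The VLAN number (50), the wireless subnet (192.168.50.0/24), the DHCP server address (10.10.0.5) and the ACL name are constructed placeholders, and the example assumes the other internal VLANs all use RFC 1918 address space.

```cisco
! Constructed example. VLAN 50, 192.168.50.0/24, 10.10.0.5 and the
! ACL name WIRELESS-IN are placeholders, not values from the thread.
ip access-list extended WIRELESS-IN
 remark DHCP from clients: broadcast discover/request and unicast renew
 permit udp any eq bootpc any eq bootps
 remark Any internal service the guests need (for example an internal
 remark DNS server) must be permitted here, above the deny entries
 remark Assumption: all other VLANs sit in RFC 1918 space
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Whatever is left is internet-bound; only the guest subnet may send it
 permit ip 192.168.50.0 0.0.0.255 any
 remark Implicit deny drops anything else, including spoofed sources
!
interface Vlan50
 description Public wireless
 ip address 192.168.50.1 255.255.255.0
 ! Relay DHCP to the existing server in another VLAN
 ip helper-address 10.10.0.5
 ! Filter traffic arriving from wireless clients before it is routed
 ip access-group WIRELESS-IN in
```

The ACL matches on destination address, so internet-bound packets that are merely routed across another VLAN still hit the final permit; `show ip access-lists WIRELESS-IN` shows per-entry match counters for checking which rule guest traffic is hitting.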