• Status: Solved

Configuring Guest Access

I'm needing help configuring a wireless guest network. I've never set up a VLAN and need some guidance. We have HP 420 wireless access points (with the default SSID using 802.1x), HP 5400 switches (running at layer 2), and Cisco 2800 series routers. Right now everyone is on default VLAN 1. I want to make the guest VLAN 5.
The router seems to be the big question for me. How do I configure the router for the new VLAN and how do I word the ACL to limit the guest users?
Asked by: gaskew

1 Solution

lrmoore commented:
Can't help with the HP switch, but make sure you set the port that the router connects into as a trunk port and include vlan 1 and vlan 5.

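On the router, set up a VLAN subinterface:

interface FastEthernet0/0.5
 ! tag this subinterface for guest VLAN 5
 encapsulation dot1Q 5
 ip address 10.20.30.1 255.255.255.0
 ip nat inside
 ! apply ACL 101 to traffic arriving from the guest VLAN
 ip access-group 101 in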

Add whatever IP subnet you are assigning to the guest wireless VLAN to the NAT ACL:

! guest vlan
access-list 1 permit 10.20.30.0 0.0.0.255
! internal LAN
access-list 1 permit 10.10.10.0 0.0.0.255
! whatever you have already
ip nat inside source list 1 interface serial0/0/0 overload

To restrict access between the networks, define ACL 101 that gets applied to the interface:
 access-list 101 deny ip 10.20.30.0 0.0.0.255 10.10.10.0 0.0.0.255
 access-list 101 permit ip any any

Done

0
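Added example (not part of lrmoore's answer): a small Python model of how IOS evaluates ACL 101 from the answer, using wildcard-mask matching and first-match order, so the effect on guest traffic can be checked before the ACL goes on the router. The sample packets are constructed, and the parser only handles the `permit|deny ip SRC DST` form used on this page.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):
            continue  # skip blank lines and IOS comments
        action, rest, specs = tok[2], tok[4:], []
        while rest:
            if rest[0] == "any":  # 'any' == 0.0.0.0 255.255.255.255
                specs.append(("0.0.0.0", "255.255.255.255"))
                rest = rest[1:]
            else:
                specs.append((rest[0], rest[1]))
                rest = rest[2:]
        rules.append((action, specs[0], specs[1]))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins; an IOS ACL ends with an implicit deny."""
    for action, s, d in rules:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

# ACL 101 exactly as given in the answer above
RULES = parse_acl("""
access-list 101 deny ip 10.20.30.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip any any
""")

# Constructed sample packets from a guest client (10.20.30.50)
SAMPLES = [
    ("10.20.30.50", "10.10.10.5"),  # internal LAN host
    ("10.20.30.50", "8.8.8.8"),     # Internet host
    ("10.20.30.50", "10.20.30.1"),  # router's guest subinterface address
    ("10.20.30.50", "10.10.11.5"),  # a subnet outside 10.10.10.0/24
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src} -> {dst}: {evaluate(RULES, src, dst)}")
```

The last two samples show what the deny line does not cover: traffic to the router's own guest-side address and to any internal subnet other than 10.10.10.0/24 falls through to `permit ip any any`.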
