Segment PIX/LAN traffic to different VLANs for Wireless Guest Access

Posted on 2008-11-14
Last Modified: 2013-11-12
Currently I have a number of remote offices that have the following configuration.

Cisco 1811W (Wireless & Wired) -> PIX 506E -> Internet

These offices access the internet directly and the PIX has a VPN tunnel to our corporate office.  Each remote office is identical and currently has a completely flat network using the default vlan.

At our main office I support a number of SSIDs linked to different VLANs on Cisco 1100s.  I have a public VLAN that is behind a captive portal that permits internet access for our guests and vendors.  I am attempting to find a way to provide a secondary SSID at these remote offices that is completely independent of the office network.  

I think the only way I can do this is to create a second VLAN on the 1811W and then VPN that VLAN traffic back to my public wifi/captive portal controller.  I can't seem to find a way to originate VLANs on the PIX and trunk them to the 1811W.  I have found a number of references to VLAN support on the PIX, but nothing definitive.  When I do a 'show ver' on my 506e I don't see VLANs listed.

Any help/suggestions would be much appreciated.

Question by: WilliamKillion

    Accepted Solution

    The 506E has limited VLAN support. To configure a VLAN on a PIX you create subinterfaces and assign them to the appropriate VLANs. An example would be:
    int fa 0/0
     no shut
    ! guest VLAN on subinterface .2
    int fa 0/0.2
     vlan 2
     nameif guest
     security-level 50
    ! inside VLAN on subinterface .5
    int fa 0/0.5
     vlan 5
     nameif inside
     security-level 100

    It might be easier for you to create the subinterface on the router and create an ACL to prevent access from the guest network to your infrastructure.

    hope this helps,
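
The router-side alternative suggested in the answer, sketched as an added IOS example that is not part of the original answer. The guest VLAN number, the interface name Vlan20, all addresses, the DNS server (a documentation placeholder) and the ACL and pool names are assumptions.

```cisco
! Added example. Assumed values, not taken from the thread:
!   guest VLAN 20 = 192.168.20.0/24, router gateway 192.168.20.1,
!   guest layer-3 interface Vlan20, DNS server 192.0.2.53 (placeholder).
ip dhcp excluded-address 192.168.20.1
ip dhcp pool GUEST
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 192.0.2.53
!
ip access-list extended GUEST-IN
 remark allow DHCP requests from guest clients
 permit udp any eq bootpc any eq bootps
 remark block every private range: office LAN, router and PIX addresses,
 remark and corporate subnets reachable over the VPN tunnel
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark what is left is Internet-bound traffic from the guest subnet
 permit ip 192.168.20.0 0.0.0.255 any
 remark log anything else, e.g. spoofed source addresses
 deny   ip any any log
!
interface Vlan20
 description Guest wireless (constructed example)
 ip address 192.168.20.1 255.255.255.0
 ip access-group GUEST-IN in
```

If the router forwards guest traffic to the PIX without NAT, the PIX also needs a route and NAT for the guest subnet, and that subnet should stay out of the access list that selects traffic for the corporate VPN tunnel.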

