We are using a Cisco wireless LAN controller (WLC) and APs to give our company 2 WiFi networks. The first is for our use and it has access to our network and the second is for guest use and should only have access to the Internet via our firewall. I am trying to figure out how to properly route the traffic from the clients on the guest WiFi to our firewall.
The WLC uses VLANs to segregate the various networks. VLAN 5 is for WiFi management and is used by the WLC to talk to the APs (172.16.150.0/24). VLAN 6 is used for the guest WiFi network (172.16.160.0/24). VLAN 7 is used for the internal WiFi network (172.16.170.0/24). The WLC has 2 ports that connect to the closest Cisco switch. Both ports on the switch that the WLC connects to are set up for 802.1Q trunking. There are 2 more switches that traffic has to hop through to get to our ISA Server firewall. The firewall has 1 physical port for the internal traffic that is VLANed into 2 virtual ports for VLAN 1 and VLAN 6.
I have attached a network diagram to show the details.
How do I get data from a guest WiFi client to the firewall without allowing them access to our internal network (i.e., route VLAN 6 through to the firewall)?