troubleshooting Question
Cisco VLAN Routing
We are using a Cisco wireless LAN controller (WLC) and APs to give our company 2 WiFi networks. The first is for our use and it has access to our network and the second is for guest use and should only have access to the Internet via our firewall. I am trying to figure out how to properly route the traffic from the clients on the guest WiFi to our firewall.
The WLC uses VLANs to segregate the various networks. VLAN 5 is for WiFi management and is used by the WLC to talk to the APs (172.16.150.0/24). VLAN 6 is used for the guest WiFi network (172.16.160.0/24). VLAN 7 is used for the internal WiFi network (172.16.170.0/24). The WLC has 2 ports that connect to the closest Cisco Switch. Both ports on the switch that the WLC connects to are setup for 802.1Q trunking. There are 2 more switches that traffic has to hop through to get to our ISA Server firewall. The firewall has 1 physical port for the internal traffic that is VLANed in to 2 virtual ports for VLAN1 and VLAN 6.
I have attached a network diagram to show the details.
How do I get data from a guest WiFi client to the firewall without allowing them access to our internal network (ie: route VLAN6 through to the firewall)?
network-diagram.jpg
The WLC uses VLANs to segregate the various networks. VLAN 5 is for WiFi management and is used by the WLC to talk to the APs (172.16.150.0/24). VLAN 6 is used for the guest WiFi network (172.16.160.0/24). VLAN 7 is used for the internal WiFi network (172.16.170.0/24). The WLC has 2 ports that connect to the closest Cisco Switch. Both ports on the switch that the WLC connects to are setup for 802.1Q trunking. There are 2 more switches that traffic has to hop through to get to our ISA Server firewall. The firewall has 1 physical port for the internal traffic that is VLANed in to 2 virtual ports for VLAN1 and VLAN 6.
I have attached a network diagram to show the details.
How do I get data from a guest WiFi client to the firewall without allowing them access to our internal network (ie: route VLAN6 through to the firewall)?
network-diagram.jpg
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 12 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.