• Status: Solved
  • Priority: Medium
  • Security: Public

guest routing with cisco 2821

This is probably really simple, but I still need a little help.
I have a 2821 router with 2 Gig ports, a Fast Ethernet card and a 4-port switch module.
Port configuration:
Gig 0/0 = 10.10.x.y (LAN)
Gig 0/1.1 = 172.29.x.y (WAN / MPLS connection)
FastEthernet 0/3/1 = – connected to Cisco access point, on separate VLAN 40
Fast Eth 0/2/0 = 216.167.x.y
Users currently access the internet via the FE 0/2/0 port and obviously the LAN on G0/0.
What I need is to be able to route guest access to the internet across the 192.168 subnet and keep them off the LAN - company policy is to allow visitors unrestricted access to the internet, so firewall (on that side) is not an issue.
Do I need a second IP address to do this?
Is it done with access rules and such? If so, an outline or link to documentation / suggestions is all I need.
1 Solution
Craig Beck Commented:
You can use ACLs - that's the easiest way to do it.

You'll need one ACL which is applied to the FastEthernet0/3/1 interface.  You could also use this ACL for a NAT statement to allow internet access via FastEthernet0/2/0.

Something like...

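! The destination networks of the two deny entries are missing from the post as
! captured; substitute the internal LAN and MPLS networks and wildcard masks.
ip access-list extended GuestAccess
 deny ip any <LAN-network> <wildcard-mask>
 deny ip any <MPLS-network> <wildcard-mask>
 permit ip any any
interface FastEthernet0/2/0
 ip nat outside
interface FastEthernet0/3/1
 ! access-class applies to lines (vty); interfaces take ip access-group
 ip access-group GuestAccess in
 ip nat inside
! PAT guest traffic permitted by the ACL out of the internet-facing interface
ip nat inside source list GuestAccess interface FastEthernet0/2/0 overload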
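
An added example, not part of the original answer: a small Python model of how an extended ACL like GuestAccess is evaluated (first match wins, wildcard masks, implicit deny), useful for checking guest isolation before applying a list to the router. The /16 masks for the 10.10 and 172.29 ranges, the guest host 192.168.40.25 and the internet host 198.51.100.7 are constructed assumptions.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>'; each address is 'any',
    'host A.B.C.D' or 'A.B.C.D <wildcard>'. Returns (action, src, dst)."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    rest, specs = tok[2:], []
    while rest:
        if rest[0] == "any":
            specs.append((0, 0xFFFFFFFF)); used = 1
        elif rest[0] == "host" and len(rest) >= 2:
            specs.append((_ip(rest[1]), 0)); used = 2
        elif len(rest) >= 2:
            specs.append((_ip(rest[0]), _ip(rest[1]))); used = 2
        else:
            raise ValueError(f"incomplete address in: {line!r}")
        rest = rest[used:]
    if len(specs) != 2:
        raise ValueError(f"need source and destination: {line!r}")
    return tok[0], specs[0], specs[1]

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard 1-bits are "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match hits the implicit deny."""
    for action, s, d in acl:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"

# Constructed networks: /16 masks for the 10.10 and 172.29 ranges are assumed.
GUEST_ACL = [parse_ace(l) for l in (
    "deny ip any 10.10.0.0 0.0.255.255",
    "deny ip any 172.29.0.0 0.0.255.255",
    "permit ip any any",
)]
# Same entries with the permit first: the denies are never reached.
MISORDERED = [GUEST_ACL[2], GUEST_ACL[0], GUEST_ACL[1]]

if __name__ == "__main__":
    for dst in ("10.10.5.9", "172.29.1.1", "198.51.100.7"):
        print(dst, evaluate(GUEST_ACL, "192.168.40.25", dst),
              evaluate(MISORDERED, "192.168.40.25", dst))
```

An entry with no destination, such as a bare "deny ip any", is rejected by parse_ace rather than silently matched.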
MPonto Network Admin Author Commented:
Tried this and it worked fine - sort of.
Guest users were able to access the internet, but it prevented internal users from accessing the internet.
I am looking at how to redo the access list and will post if someone doesn't beat me to it.
MPonto Network Admin Author Commented:
Once I adjusted the access-list to meet my router config it worked fine - good work.
Question has a verified solution.
