• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 298
  • Last Modified:

Internet for Guests

Hello Experts,

We have a Cisco Switch 3750G configured with 10 L3 VLANS. I am going to introduce Internet ADSL Router for guests only.

I have 5 AP distributed. The AP's will have 2 SSID  Guest and Corporate).

What would be the best way to setup network for guests to access internet only, while isolating our internal network subnet?
0
cciedreamer
Asked:
cciedreamer
  • 2
1 Solution
 
dinkytoy101Commented:
Couple of possible options:

1. If only the only thing to guest -> internet then make them all the same layer 2 vlan and the default gateaway on the ADSL router. The 3750 is just passing them through so no access to the rest of the network. Quick and easy.

2. Not sure if the 3750 supports it but you could create a Guest VRF and route their traffic separately. More complex but scalable solution.

Not sure how you are handling any firewall/security bits though.
0
 
Robert Sutton JrSenior Network ManagerCommented:
You can probably get away with using web authentication for the guest users and EAP for those on the Internal wlan. There are alot of different ways to achieve the same goal. Below you will find two examples listed but ultimately it comes down to your needs and your equipment available and or its capabilities. I hope this helps.

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
0
 
cciedreamerAuthor Commented:
Thank you experts for the response.

From the above comments I have got 2 options

Option 1 ( no money involved) : Create a Vlan on the Switch without layer 3 ip addressing.
and Connect the router to this vlan. Then configure AP's SSID be in this vlan. The client will get the DHCP IP address from the router and it will be there defaul gateway

Option 2 ( money involved): This could be achieved by getting WLC. which is currently not our requirement. But I would be interested to know how much it can cost me to use for other customers lets say they have AP's more than 100.

Thanks
0
 
cciedreamerAuthor Commented:
I am going with Option 1
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now