03-01-2012 01:15 PM
I am making my first run at setting up the guest network in the instant AP's. I have it configured and even though in the instant OS PDF guide it says the network will deny traffic to the LAN of the AP by default the ACL states it's going to allow traffic to anywhere and it indeed does so.
So I then went in and changed this to allow to all destinations but then blocked traffic to the LAN subnet and at this point I then had no internet connectivity on the guest network and of course couldn't access the LAN either.
So I then thought, well maybe I need to be able to hit the gateway on the LAN in order to pass traffic to the internet so I put in an ACL that would allow traffic to the gateway IP as well and it still won't work.
I contacted support and since these are NFR units we didn't buy support and we only have 90 day email support. They have now sent me three responses basically telling me to do exactly what I've already done even though I've stated in my email that I've done those things. Maybe they didn't read my poriton of the email I don't know.
So I'm sure this is something stupid I'm either doing or not doing. Anyone have any idea as to what I am missing here? I assumed by the setup guide that it would work the way I'm trying to get it to work just by designating it a guest network.
03-01-2012 03:55 PM
ACLs can get very complex and order does matter. I would reccomend sharing your ACL from the config file. You can view the config under maintenance >> configuration.
Your config for ACL will look something like this:
wlan access-rule BigSmallCompany
rule any any match any any any permit
Hope that helps!