11-21-2014 04:20 AM
I am trying to use the Default guest profile for guest access to the internet. I therefore created a VLAN32 with interface IP 192.168.32.1/24 for the guest users. This VLAN should be able to access just the internet and nothing else. After creating this VLAN, everything works well, except that the VLAN has access to the whole internal network. But if I disable inter-VLAN routing on the internal VLAN (Management VLAN), then the clients in the guest VLAN are blocked entirely from all the network resources (Internet etc). I therefore wanted to use ACLs on my firewall/default gateway to block internal access and allow only internet and OpenDNS, but this unfortunately doesn't work as expected either. I ran a traceroute and realised that the routes do not go through the firewall/default gateway to reach the internal network, so I suppose that is why the ACLs are not applied to the traffic. I would like to set the default gateway for the VLAN32 clients to the firewall/default gateway IP instead of the VLAN32 interface IP, but since they will not be in the same subnet/network it will not work. Can someone suggest a workaround for my situation?
11-21-2014 04:24 AM
11-21-2014 04:26 AM
Thanks for the quick reply. Unfortunately, I have the basic license, which does not allow me to create session ACLs. So I cannot create the netdestination as you are suggesting. What would my other options be?