Wireless Access

Contributor II
Posts: 71
Registered: ‎06-03-2014

BLOCK GUEST VLAN FROM INTERNAL VLAN

I am running a WLAN 4504 controller with AP135s. My internal VLAN is VLAN1, also the native/management VLAN, which is 192.168.*.*/19. I then have a guest VLAN32 with 192.168.*.*/24. I have an internal network DHCP server which assigns IPs to the internal users only, and I configured the DHCP server on the controller to serve the guest users only on VLAN32. At the moment, everything works except that the users on the guest VLAN can communicate with the internal VLAN users. And if I disable inter-VLAN routing on the internal VLAN1, the users on the guest VLAN32 do not have any internet connection at all.

 

Some help will be much appreciated.

Frequent Contributor I
Posts: 70
Registered: ‎02-28-2012

Re: BLOCK GUEST VLAN FROM INTERNAL VLAN

Do you have a firewall license on the controller? If yes, then:
- create destination "gateway", put the gateway IP address in it.
- create destination "local", put the local subnet in it
- on the guest authenticated role ACL, define
* - * - icmp/dns/dhcp - allow
* - gateway - * - allow
* - local - * - block
* - * - http/https - allow

If you don't have a firewall license on the controller, put the guest gateway on a firewall box (e.g. FortiGate), and configure the ACL from there.
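The rule order in the reply above can be checked before it goes onto a controller or firewall. This is an added example, not part of the original posts: a small first-match evaluator, assuming rules are evaluated top to bottom with an implicit deny at the end, and using constructed addresses because the thread masks the real subnets.

```python
import ipaddress

# Constructed addresses: the thread masks the real subnets (192.168.*.*).
GATEWAY = ipaddress.ip_network("192.168.32.1/32")  # assumed guest default gateway
LOCAL = ipaddress.ip_network("192.168.0.0/19")     # assumed internal VLAN1 subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

SERVICES = {  # service name -> set of (protocol, destination port)
    "icmp": {("icmp", None)},
    "dns": {("udp", 53), ("tcp", 53)},
    "dhcp": {("udp", 67), ("udp", 68)},
    "http": {("tcp", 80)},
    "https": {("tcp", 443)},
}

# (destination, services or None for any service, action), in the order posted.
GUEST_ACL = [
    (ANY, ("icmp", "dns", "dhcp"), "allow"),
    (GATEWAY, None, "allow"),
    (LOCAL, None, "block"),
    (ANY, ("http", "https"), "allow"),
]

def evaluate(dst, proto, port=None, acl=GUEST_ACL):
    """Return (action, rule number) of the first match; rule 0 is the implicit deny."""
    addr = ipaddress.ip_address(dst)
    for n, (net, services, action) in enumerate(acl, start=1):
        if addr not in net:
            continue
        if services is None or any((proto, port) in SERVICES[s] for s in services):
            return action, n
    return "block", 0

def internal_exposure(acl=GUEST_ACL, probe="192.168.5.10"):
    """Named services a guest can still reach on an internal host (probe is constructed)."""
    return sorted(
        name for name, flows in SERVICES.items()
        if any(evaluate(probe, p, port, acl)[0] == "allow" for p, port in flows)
    )

if __name__ == "__main__":
    print(evaluate("192.168.5.10", "tcp", 445))   # guest -> internal file share
    print(evaluate("93.184.216.34", "tcp", 443))  # guest -> internet HTTPS
    print(internal_exposure())                    # what still reaches VLAN1
```

Under these assumptions, ICMP, DNS and DHCP traffic to internal hosts matches the first rule before the block rule is reached, so `internal_exposure()` shows what to review if those services should also be closed to guests.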
Contributor II
Posts: 71
Registered: ‎06-03-2014

Re: BLOCK GUEST VLAN FROM INTERNAL VLAN

Thanks a lot for the quick response. Unfortunately, we do not have the firewall license, so I guess my option is to use the FW box.

There is a pfSense firewall box being implemented. Can you be a little specific on what I should do, since I am a little new to this?

Thanks in advance.
