11-11-2014 12:02 AM
I am running a WLAN 4504 controller with AP135s. My internal VLAN is VLAN1, which is also the native/management VLAN, and is 192.168.*.*/19. I then have a guest VLAN32 with 192.168.*.*/24. I have an internal network DHCP server which assigns IPs to the internal users only, and I configured the DHCP server on the controller to serve the guest users only on VLAN32. At the moment, everything works except the fact that the users on the guest VLAN can communicate with the internal VLAN users. And if I disable inter-VLAN routing on the internal VLAN1, the users on the guest VLAN32 do not have any internet connection at all.
Some help will be much appreciated.
11-11-2014 02:19 AM
- Create destination "gateway" and put the gateway IP address in it.
- Create destination "local" and put the local subnet in it.
- On the guest authenticated role ACL, define:
* - * - icmp/dns/dhcp - allow
* - gateway - * - allow
* - local - * - block
* - * - http/https - allow
If you don't have a firewall license on the controller, put the guest gateway on the FW box (e.g. FortiGate) and configure the ACL from there.
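The rule order in the reply above, modelled as a first-match evaluator (an added example, not part of the original posts). The addresses are constructed because the thread masks the real ones; first-match evaluation with an implicit final deny is assumed, and `BLOCK_FIRST` is a hypothetical reordering for comparison.

```python
import ipaddress

# Constructed addressing: the thread masks the real octets, so these are assumptions.
ALIASES = {
    "*": ipaddress.ip_network("0.0.0.0/0"),
    "gateway": ipaddress.ip_network("192.168.32.1/32"),  # assumed guest gateway
    "local": ipaddress.ip_network("192.168.0.0/19"),     # assumed internal subnet
}

# Simplified service definitions: (protocol, destination port); None means no port.
SERVICES = {
    "icmp": ("icmp", None), "dns": ("udp", 53), "dhcp": ("udp", 67),
    "http": ("tcp", 80), "https": ("tcp", 443),
}

# The four rules from the reply, in order: (destination, services, action).
RULES = [
    ("*", ["icmp", "dns", "dhcp"], "allow"),
    ("gateway", ["*"], "allow"),
    ("local", ["*"], "block"),
    ("*", ["http", "https"], "allow"),
]

# Hypothetical variant: the internal block moved to the top. Only usable when
# guests do not depend on a DNS server inside the internal subnet.
BLOCK_FIRST = [RULES[2], RULES[0], RULES[1], RULES[3]]

def evaluate(dst, proto, port=None, rules=RULES):
    """First-match evaluation; returns (action, rule position), 0 = implicit deny."""
    addr = ipaddress.ip_address(dst)
    for position, (alias, services, action) in enumerate(rules, start=1):
        if addr not in ALIASES[alias]:
            continue
        if "*" in services or any(SERVICES[s] == (proto, port) for s in services):
            return action, position
    return "block", 0

if __name__ == "__main__":
    # Constructed guest flows: (destination, protocol, port).
    flows = [("192.168.5.10", "tcp", 80), ("192.168.5.10", "icmp", None),
             ("192.168.32.1", "tcp", 22), ("203.0.113.10", "tcp", 443),
             ("203.0.113.10", "tcp", 22)]
    for dst, proto, port in flows:
        print(dst, proto, port, evaluate(dst, proto, port),
              evaluate(dst, proto, port, BLOCK_FIRST))
```

With the order as posted, guest ICMP, DNS and DHCP traffic to internal hosts matches rule 1 before the block rule is reached; everything else toward the internal subnet stops at rule 3.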
11-12-2014 02:06 AM
Thanks a lot for the quick response. Unfortunately, we do not have the firewall license, so I guess my option is to use the FW box.
There is a pfSense firewall box being implemented. Can you be a little specific on what I should do, since I am a little new to this?
Thanks in advance.