We have multiple small campus locations that have an S1500 MAS switch deployed. The switches have access back to our datacenter via an MPLS network. We have AP105s deployed as well and we are installing local internet connections at each site.
On the MAS we have 3 VLANs configured. The 1st VLAN is part of our MPLS network. The 2nd VLAN is for some of our wireless traffic. The 3rd VLAN is for future guest access to the internet as well as the local internet provider. All internet traffic on the 2nd VLAN should go out the local internet provider, and all corporate access should be directed to the MPLS network.
I have enabled PBR on the 2nd VLAN that specifies all internet traffic should go out the local internet connection on the 3rd VLAN and all corporate access will go across the MPLS network. This works.
We would like to secure the port that is connected to the local internet provider device (DSL modem, cable, 4G, etc.) on the 3rd VLAN without deploying a firewall, via ACLs: basically allow all traffic out to the internet but deny all incoming traffic. It all sounds very simple but I am struggling to come up with the correct solution.
Regards