Hello,
I have configured a vlan for wired guest on a L3 core switch (2930M 16.08). Port-access (EAP or MAC) authentification for unknown Mac or user push a guest policy with portal redirection.I have an IP address on my guest Vlan and guest PC are correctly redirect to CPPM Guest portal.
Everything works great.
But, as my L3 core switch has several ip interface (user vlan, server vlan, etc), i think it would be secure to disable L3 routing on guest vlan interface, to avoid nasty guest to change their default route from my firewall DMZ IP (managing guest access to Internet) to the switch vlan guest interface IP to get access to my whole lan.
As i add command "disable layer3" in interface vlan guest, i can't get redirection to my captive portal anymore.
Is there a spécial command to disable routing while keeping redirect to work?
Regards