Training and Certification

0 Kudos


Question regarding Guest design for IAPs.

In a controller environment, a hardened Ethernet port gets directed to a firewall port, or DMZ for guest traffic. Thus, physically separating the guest traffic from the corporate LAN.  But with IAP’s/ virtual controllers I don’t have that option.


How do I prevent guest traffic from hitting the LAN, other than using Firewall rules to prevent that specific destination? What’s the best approach?


Thanks Stefan

New Contributor


Check out this link and see if it helps:


On the Step 2, Client VLAN assignment, I would chose Custom and use/create a Guest VLAN.


Again, I am not sure if this answers your question or not; as I don't know how is your network setup.