05-06-2014 08:51 AM - last edited on 05-14-2014 06:09 PM by
We have multiple small campus locations that have an S1500 MAS switch deployed. The switches have access back to our datacenter via an MPLS network. We have AP105s deployed as well, and we are installing local internet connections at each site.
On the MAS we have 3 VLANs configured. One VLAN is part of our MPLS network. The second VLAN is for some of our wireless traffic. The 3rd VLAN is for future guest access to the internet as well as the local internet provider. All internet traffic on the 2nd VLAN should go out the local internet provider; all corporate access should be directed to the MPLS network.
I have enabled PBR on the second VLAN that specifies all internet traffic should go out the local internet connection on the 3rd VLAN and all corporate access will go across the MPLS network. This works.
We would like to secure the port that is connected to the local internet provider device (DSL modem, cable, 4G, etc.) on the 3rd VLAN without deploying a firewall, via ACLs: basically allow all traffic out to the internet but deny all incoming traffic. It all sounds very simple, but I am struggling to come up with the correct solution.
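An added illustration of why "permit everything out, deny everything in" is harder than it sounds on a port filtered by a stateless ACL. This is not code from the thread or from Aruba's software, and it is not MAS CLI syntax; it is a generic packet-filter model with constructed packets. The `Rule`, `Packet` and `evaluate` names and the `established` match (TCP segments with ACK or RST set, the classic stateless approximation of "return traffic") are assumptions made for the example.

```python
"""Model of a stateless ACL on a WAN-facing switch port (constructed example).

The point: a plain "deny all inbound" rule also drops the replies to
connections your own users opened, so something has to let return traffic
back in.  A stateless "established" rule rescues TCP but cannot help UDP,
which is why NAT/session state (on the modem or on the switch) matters.
"""
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Packet:
    direction: str                    # "out" = toward ISP device, "in" = from it
    proto: str                        # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: FrozenSet[str] = frozenset()  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                       # "permit" or "deny"
    proto: str = "any"
    established: bool = False         # TCP only: match segments with ACK or RST set

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.established:
            # Only a TCP segment that is part of an existing exchange carries
            # ACK/RST; a fresh connection attempt is a bare SYN and is excluded.
            if pkt.proto != "tcp" or not (pkt.flags & {"ACK", "RST"}):
                return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match ACL evaluation with an implicit deny at the end."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Ruleset 1: the literal request from the post ("allow all out, deny all in").
NAIVE = [Rule("out", "permit"), Rule("in", "deny")]

# Ruleset 2: same, plus a stateless return-traffic rule for TCP.
ESTABLISHED = [
    Rule("out", "permit"),
    Rule("in", "permit", proto="tcp", established=True),
    Rule("in", "deny"),
]

# Constructed traffic for the test cases.
OUT_SYN = Packet("out", "tcp", 51515, 443, frozenset({"SYN"}))         # user opens HTTPS
RET_SYNACK = Packet("in", "tcp", 443, 51515, frozenset({"SYN", "ACK"}))  # server replies
UNSOLICITED_SYN = Packet("in", "tcp", 40000, 22, frozenset({"SYN"}))   # inbound connect attempt
DNS_QUERY = Packet("out", "udp", 53000, 53)                            # user resolves a name
DNS_REPLY = Packet("in", "udp", 53, 53000)                             # resolver answers


def run_scenarios() -> dict:
    """Evaluate each constructed packet against both rulesets."""
    packets = {
        "out_syn": OUT_SYN, "return_synack": RET_SYNACK,
        "unsolicited_syn": UNSOLICITED_SYN, "dns_query": DNS_QUERY, "dns_reply": DNS_REPLY,
    }
    return {
        "naive": {name: evaluate(NAIVE, p) for name, p in packets.items()},
        "established": {name: evaluate(ESTABLISHED, p) for name, p in packets.items()},
    }


if __name__ == "__main__":
    for ruleset, results in run_scenarios().items():
        print(ruleset)
        for name, verdict in results.items():
            print(f"  {name:16s} {verdict}")
```

With the naive ruleset the server's SYN/ACK is dropped, so the "working" PBR path to the local internet connection stops carrying any usable TCP session. The `established` rule fixes TCP while still denying the unsolicited inbound SYN, but it is weaker than a stateful session: any inbound TCP segment with ACK set is accepted regardless of whether a matching outbound flow exists, and the UDP DNS reply is still denied because nothing in the packet itself marks it as a response. That is the trade-off behind the NAT question in the reply below: where the modem performs NAT it already holds the session state and drops unsolicited inbound traffic, whereas where the MAS performs NAT the ACL on that port needs to be session-aware rather than purely stateless.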
Re: ACL advice
05-06-2014 09:00 AM
You may want to check out this thread:
However that said, what device will be responsible for NAT? The upstream cable/dsl-modem or the MAS?
Re: ACL advice
05-06-2014 09:07 AM
Thanks for the link. I will take a look at the thread.
NAT will depend on the device deployed at the location. In some cases it will be at the modem; in others it will happen at the MAS.