M and MSM Series

MSM 760 Corporate and Guest Network

 
MicroRichard
Occasional Contributor

MSM 760 Corporate and Guest Network

Hi,

 

Our topology is in inline mode. Internet Port connected to Public IP and Lan Port to the core switch.

 

Both DHCP for Corporate and Guest Network is coming from the Wireless Controller.

 

Corporate Network 192.168.1.0

 

Created Vlan 10 for Guest Network and assigned IP Interface 1921.68.10.1 on the wireless controller

 

Created VSC Profile Guest and has a dhcp server that give 192.168.10.2 - 192.168.10.254

 

VSC Profile Guest

* Access Controller - Checked

* Authentication - Checked

* Wireless Security Feature - Checked

* Html Authentication - Checked

 

The problem is when I created the attribute at Public Access > Attribute and create

 

ACCESS-LIST              guest,DENY,all,192.168.1.0/24,all

ACCESS-LIST              guest,ACCEPT,all,all,all

USE-ACCESS-LIST    guest

 

After configuring this, I can still access the corporate network from the guest network.

 

I also tried using account profile and assigning access-list listname guest to the account profile. And creating a user and binding the account profile to it.

 

But still I cannot seperate the 2 networks.

 

What can you suggest?

 

Thanks

 

2 REPLIES 2
Ck1000
Occasional Advisor

Re: MSM 760 Corporate and Guest Network

Hello,

 

Why do you use access-list from the controller for the communication between two vlans ?

 

The best according to me is to manage vlan from your core switch and block communications between your vlan 10 (Guest) and your Vlan Corporate.

 

Regards.

MicroRichard
Occasional Contributor

Re: MSM 760 Corporate and Guest Network

Im doing this because I would like to use a single SSID. Then I will have guest account and corporate accounts. Corporate accounts can acceess the network, and guest account will be prohibited.

So. its like a per account access-list that is based on attributes