Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Secure Guest VLAN

SOLVED
Go to solution
doubleH
Regular Advisor

Secure Guest VLAN

Hello,

I worked with Jarret on getting IDM to work the way I want to (having domain users logon and get assigned to a guest vlan that has DHCP/DNS/HTTP) (http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1256455)

My next step that I need assistance is similar, but instead of domain users I am testing with a laptop and loggin on to the laptop as a local user to simulate a guest coming into my building a using his laptop on my guest vlan. When put the laptop on the network it goes into the guest vlan immediately which is great. The bad part is that the user is not being restricted from VLANS they should not have access to. Any recommendations?

Thanks!
5 REPLIES
Matt Hobbs
Honored Contributor

Re: Secure Guest VLAN

You could create some ACL's on the Guest VLAN router. Use some Deny statements to deny access to all of your other VLANs, and then at the end use a permit ip any any which should give them access to the Internet.
doubleH
Regular Advisor

Re: Secure Guest VLAN

yeah that is what i thinking. so i'll create a static access-list for the readl guests and use IDM for my domain users to controll what they can access. i'll give that a try.

thanks
doubleH
Regular Advisor

Re: Secure Guest VLAN

well i tried creating a static access list and have assigned it to my guest VLAN (VLAN 8), but the ACL is not working. I can get access to all vlans. i've attached the config of my two core configurations. note my network consists of 2 cores. all workstations are attached directly to the core.
Jarret Workman
Frequent Advisor
Solution

Re: Secure Guest VLAN

Hi doubleH,

Try applying your guest ACL as in instead of out on vlan 8.

I think that should do the trick.

Regards,

Jarret
doubleH
Regular Advisor

Re: Secure Guest VLAN

that did it. thanks again!