how to block local access guest-portal

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
             We are using v2100 identify controller. We create captive portal its using our Guest.
once the Guest is connected the portal he can access my internal network also. any option to block  my internal  network. i need Guest only use internet.    
Photo of Mohammed Jasheer

Mohammed Jasheer

  • 916 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ralf


  • 514 Points 500 badge 2x thumb

Hi Mohammed,

we have two separate SSIDs for internal and guest and both have separate VLANs. The VLAN/SSID with the guest user is not routed to our internal net.

Additional: you can use the policy rules (VNS Configuration on the Controller) to deny or allow traffic to/from the Networks.

Regards, Ralf

Photo of Karthikeyan M

Karthikeyan M, Systems Engineer

  • 546 Points 500 badge 2x thumb

Follow the below links for configuration

To block your internal networks you have to make sure your guest's authenticated roles are:
1. Setup rules to block internal subnet or
2. Contain to VLAN

Karthikeyan M.
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Nice call out Karhikeyan.

We're in the process of migrating these Videos to GTAC Knowledge and in the near future, starting to release some new ones.  Our Community Manager, Drew C. and a colleague are busy prepping them now.

We believe this will make them easier to find going forward for those who believe in a little purple in their network!
Photo of Ostrovsky, Yury

Ostrovsky, Yury, Employee

  • 3,050 Points 3k badge 2x thumb
Hi Mohhamed , 
another method would be to bring your DMZ to the second port of your Wireless Controller (even if its Virtual 2110 controller , you just assign in in your ESXi server) . Then assign this Topology as Default Topology on your Guest WLAN Service . By doing that you physically separating your Corporate network from the Guest access .