cancel
Showing results for 
Search instead for 
Did you mean: 

how to block local access guest-portal

how to block local access guest-portal

Mohammed_Jashee
New Contributor III
Hi,
We are using v2100 identify controller. We create captive portal its using our Guest.
once the Guest is connected the portal he can access my internal network also. any option to block my internal network. i need Guest only use internet.
4 REPLIES 4

Ostrovsky__Yury
Extreme Employee
Hi Mohhamed ,
another method would be to bring your DMZ to the second port of your Wireless Controller (even if its Virtual 2110 controller , you just assign in in your ESXi server) . Then assign this Topology as Default Topology on your Guest WLAN Service . By doing that you physically separating your Corporate network from the Guest access .

Mohanakrishnan_
Extreme Employee
Jasheer,

Follow the below links for configuration
https://www.youtube.com/watch?v=xQFVE3o5W6I

To block your internal networks you have to make sure your guest's authenticated roles are:
1. Setup rules to block internal subnet or
2. Contain to VLAN

Regards
Karthikeyan M.

Nice call out Karhikeyan.

We're in the process of migrating these Videos to GTAC Knowledge and in the near future, starting to release some new ones. Our Community Manager, Drew C. and a colleague are busy prepping them now.

We believe this will make them easier to find going forward for those who believe in a little purple in their network!

Ralf
New Contributor II
Hi Mohammed,

we have two separate SSIDs for internal and guest and both have separate VLANs. The VLAN/SSID with the guest user is not routed to our internal net.

Additional: you can use the policy rules (VNS Configuration on the Controller) to deny or allow traffic to/from the Networks.

Regards, Ralf

GTM-P2G8KFN