Question

Guest SSID Internet only

  • 25 July 2019
  • 5 replies
  • 175 views

Hi

I need to configure an SSID for guest access, where the clients authenticate with a PSK and have no access to any other local networks or clients, simply internet access only.

I can see there is an option in the help file for my AP (7522) called 'Only Internet Access', which looks like it would do the job perfectly. However, this option does not appear anywhere on my screen when configuring a new Wireless LAN.

Any idea why this option is absent?

Thanks

5 replies

Userlevel 5
Take a look at the response here

Not familiar with the help section on "Only Internet Access". There is no single WLAN configuration option for providing this functionality.
Take a look at the response here
Not familiar with the help section on "Only Internet Access". There is no single WLAN configuration option for providing this functionality.

Thanks Chris, I already saw that post earlier, and I have tried implementing a Guest network with VLANs, DHCP on the AP, NAT, ACLs etc., however the ACLs aren't taking effect. Guest clients can still access the default VLAN/corporate LAN.

In any case, it should be much simpler than this. On a Meraki AP it's much easier. You have an option to enable NAT with DHCP and the firewall rule to block access to local LAN, and it just works.

I'm more curious as to why the 'Only Internet Access' shown in the help file is missing from the AP config page.
Userlevel 5
Normally, the easiest way to implement this using just an AP is to create an IP ACL and apply it as an inbound firewall rule within the WLAN configuration. With it, users connecting to that WLAN would only have access to things like the DHCP server, DNS, the gateway, etc, and all other access would simply be denied.

Regarding the "Only Internet Access" can you share where in the Help file you're seeing this?
If you click on the help icon in the top-right corner when on the Configuration -> Wireless page, go to part 4. and scroll down you should see the 'Only Internet Access' section.
Userlevel 5
I see now. This is actually part of the Swift UI.
You're right though. It does list the option to do what you want in the help section (very clearly) but the option is not given in the actual WLAN configuration section in the Swift UI.
I suspect that it was a feature that was planned to be added but never made it. The Swift UI was designed to be a simpler interface and was used for a different product line that was cancelled after a while, but the UI itself continues to be used as the default UI on APs.
You can choose to change the UI to the Enterprise GUI though if you wish.
Configuration->Access Points->(check the box for the AP)->Tools->Load the Enterprise User Interface
reboot.
Bottom line, the Swift UI itself is no longer being developed and getting this feature added will not happen. I didn't even realize it was there in the Help section, but agree that it would have been nice to actually have that as a check-box option.

Reply