Extreme Networks

Mohammed_Jashee · ‎07-10-2015

Hi,
We are using v2100 identify controller. We create captive portal its using our Guest.
once the Guest is connected the portal he can access my internal network also. any option to block my internal network. i need Guest only use internet.

Ostrovsky__Yury · ‎07-10-2015

Hi Mohhamed ,
another method would be to bring your DMZ to the second port of your Wireless Controller (even if its Virtual 2110 controller , you just assign in in your ESXi server) . Then assign this Topology as Default Topology on your Guest WLAN Service . By doing that you physically separating your Corporate network from the Guest access .

Mohanakrishnan_ · ‎07-10-2015

Jasheer,

Follow the below links for configuration
https://www.youtube.com/watch?v=xQFVE3o5W6I

To block your internal networks you have to make sure your guest's authenticated roles are:
1. Setup rules to block internal subnet or
2. Contain to VLAN

Regards
Karthikeyan M.

Ryan_Mathews · ‎07-10-2015

Nice call out Karhikeyan.

We're in the process of migrating these Videos to GTAC Knowledge and in the near future, starting to release some new ones. Our Community Manager, Drew C. and a colleague are busy prepping them now.

We believe this will make them easier to find going forward for those who believe in a little purple in their network!

Ralf · ‎07-10-2015

Hi Mohammed,

we have two separate SSIDs for internal and guest and both have separate VLANs. The VLAN/SSID with the guest user is not routed to our internal net.

Additional: you can use the policy rules (VNS Configuration on the Controller) to deny or allow traffic to/from the Networks.

Regards, Ralf

Extreme Networks

how to block local access guest-portal

how to block local access guest-portal