This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Guest SSID Internet only

Guest SSID Internet only

TerrierJim
New Contributor

‎07-25-2019 03:11 PM

Hi

I need to configure an SSID for guest access, where the clients authenticate with a PSK and have no access to any other local networks or clients, simply internet access only.

I can see there is an option in the help file for my AP (7522) called 'Only Internet Access', which looks like it would do the job perfectly. However, this option does not appear anywhere on my screen when configuring a new Wireless LAN.

Any idea why this option is absent?

Thanks
0 Kudos
5 REPLIES 5

ckelly
Extreme Employee

‎07-26-2019 12:30 PM

I see now. This is actually part of the Swift UI.
You're right though. It does list the option to do what you want in the help section (very clearly) but the option is not given in the actual WLAN configuration section in the Swift UI.
I suspect that it was a feature that was planned to be added but never made it. The Swift UI was designed to be a simpler interface and was used for a different product line that was cancelled after a while, but the UI itself continues to be used as the default UI on APs.
You can choose to change the UI to the Enterprise GUI though if you wish.
Configuration->Access Points->(check the box for the AP)->Tools->Load the Enterprise User Interface
reboot.
Bottom line, the Swift UI itself is no longer being developed and getting this feature added will not happen. I didn't even realize it was there in the Help section, but agree that it would have been nice to actually have that as a check-box option.
0 Kudos

TerrierJim
New Contributor

‎07-25-2019 04:45 PM

If you click on the help icon in the top-right corner when on the Configuration -> Wireless page, go to part 4. and scroll down you should see the 'Only Internet Access' section.
0 Kudos

ckelly
Extreme Employee

‎07-25-2019 03:56 PM

Normally, the easiest way to implement this using just an AP is to create an IP ACL and apply it as an inbound firewall rule within the WLAN configuration. With it, users connecting to that WLAN would only have access to things like the DHCP server, DNS, the gateway, etc, and all other access would simply be denied.

Regarding the "Only Internet Access" can you share where in the Help file you're seeing this?
0 Kudos

TerrierJim
New Contributor

‎07-25-2019 03:43 PM


Thanks Chris, I already saw that post earlier, and I have tried implementing a Guest network with VLANs, DHCP on the AP, NAT, ACLs etc., however the ACLs aren't taking effect. Guest clients can still access the default VLAN/corporate LAN.

In any case, it should be much simpler than this. On a Meraki AP it's much easier. You have an option to enable NAT with DHCP and the firewall rule to block access to local LAN, and it just works.

I'm more curious as to why the 'Only Internet Access' shown in the help file is missing from the AP config page.
0 Kudos
GTM-P2G8KFN