Re: Cisco 1231 wireless & visitor containment

On Sep 26, 8:54 pm, "P.Schuman" <pschuman_NO_SPAM...@interserv.com> wrote:
> "Merv" <merv.hr...@rogers.com> wrote in message
>
> news:1190840921.307010.191260@k79g2000hse.googlegroups.com...
>
>
>
> > On Sep 26, 4:22 pm, "P.Schuman" <pschuman_no_spam...@interserv.com>
> > wrote:
> > > One of my biz colleagues has a Cisco 1231 wireless AP that they currently use
> > > for the computers in the office.
> > > They would like to have a separate network configured that would allow them
> > > to grant access to visitors,
> > > but only allow them to surf the web and not see or be able to touch their
> > > other machines.
> > > Is this possible with this equipment? What is this commonly called?
> > > If so, any suggestions on how to accomplish this would be appreciated.
> > > If not, what would they need to implement this?
>
> > Often referred to as "guest Internet access"
>
> > The Cisco AP1231 is able to support this
>
> > It is implemented by having a separate wireless identification code
> > for guest use (called an SSID) that has no authentication requirement
> > (called open authentication). This SSID is mapped to its own VLAN thus
> > separating guest traffic from other traffic. This guest VLAN would
> > then need to be handled by a layer 3 switch or router that would use
> > policy based routing to ensure all the guest VLAN traffic is only
> > routed to/from Internet.
>
> thanks for the reply -
> I thought this was some client situation,
> but turns out to be his local private elementary school -
> The next basic question is what kind of switch or router is in place
> and can it handle VLAN segmentation.
> ----
>
> - A small private school
> - Separate buildings with APs on only 2 of them. Each building has its own
> DSL connection.
> - No Radius or any other server. One is the office, the other is a classroom
> building for 4th, 5th and the computer lab.
> - Office building is where they wanted to provide 'guest' access. They have all
> of the office users and a couple of printers on the 'network' that is controlled
> by a single AP.
> - I do have an older Cisco 350 AP that we are not using any longer, so could I
> just set that up with its own open SSID and somehow point that AP at the Internet
> only so if/when they connect that is all they can do?
> - Or how would I set up a VLAN scheme with perhaps 2 different SSIDs to funnel
> them one way or the other since I do not have any authentication servers yet.
> That was a budget item that did not make the cut for this school year
> unfortunately and even so, that was to be a small business server for file,
> print and intranet services not a Radius server as I did not think we needed one
> of those.

The wireless part of this is fairly easy with either a standalone AP
single SSID for guest access or a unit like the AP 1231 that will
support VLANs across a single Fast Ethernet connection.
The tricky part is ensuring that the guest traffic from either AP
setup can ONLY reach the Internet and not be able to reach the
organization production network.
So you will need to look at the wired network to see if it supports
VLAN and policy based routing or equivalent.
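
The guest SSID to VLAN mapping and the containment rule discussed in this thread, as an added configuration sketch that is not part of the original posts. It assumes the AP 1231 runs autonomous IOS and that the wired side is an IOS router with an 802.1Q trunk to the AP, and it uses an inbound access list as the "equivalent" of policy based routing; the SSID name, VLAN numbers, interface names and subnets are all assumed values.

```cisco
! ---- AP 1231 (autonomous IOS) ----
! Assumed: office clients on native VLAN 10, guests on VLAN 20.
! The existing office SSID keeps its own authentication settings;
! add "vlan 10" under it once VLANs are enabled on the radio.
dot11 ssid GUEST
 vlan 20
 authentication open
!
interface Dot11Radio0
 ssid GUEST
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 1
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface FastEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
!
! ---- Upstream IOS router (assumed), trunk port facing the AP ----
! Assumed addressing: office 192.168.10.0/24, guests 192.168.20.0/24.
ip access-list extended GUEST-IN
 remark allow guests to obtain a DHCP lease
 permit udp any eq bootpc any eq bootps
 remark block guest traffic to the office (production) subnet
 deny   ip any 192.168.10.0 0.0.0.255
 remark everything else from the guest subnet may go to the Internet
 permit ip 192.168.20.0 0.0.0.255 any
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group GUEST-IN in
```

After applying it, confirm containment from a guest client: a ping or connection attempt to any 192.168.10.x address should fail while Internet browsing works, and `show access-lists GUEST-IN` on the router should show the deny counter incrementing.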