1200 AP, 3 vlans and routing question...2 secure, 1 not

Hey all.

I have a 1200 AP with 3 vlans (1,2,3) setup on it each with a unique SSID . Vlan1 and 2 are secure (well as secure as can be with WEP). Vlan3 I want to setup so anyone can just open up a laptop and hop on without dealing with keys or anything. I also want to lock down this Vlan so it can only access the internet and its own subnet no other internal address (besides helper address).

The AP is tied to a 2950 switch. The 2950 switch is tied to a 4507 catalyst via a gb interface. How can I setup routing on the 2950 switch to say route any external address out for Vlan3 but deny any internal routing on Vlan3?

Need more info let me know I will be monitoring this post.

Thnx

Reply to
Hiro
Loading thread data ...

Do you really have 3 VLAN or just 3 SSIDs?

With 3 VLANS your connections should look like: AP -QTrunk-> 2950 -QTrunk-> 4507 -VLAN3-> Internet

BTW: the 2950 is a Switch not a Router, so routing would be done (if at all) in the C4500.

So the best way is to let VLAN3 run direcly into a DMZ for Internet access and don't route it at all.

Regards Charly

Hiro schrieb:

Reply to
Charly

There is 3 VLANs setup. vlan1 is for Cisco 7920 phones. vlan2 is for data (corporate safe). vlan3 should be internet only with no internal access.

We have no DMZ setup currently. Is it possible to make an ACL for vlan3 and stop all internal requests?

Reply to
Hiro

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.