
Guest WLAN exception

ashour_shamoon
New Contributor II

Hello,

I have two WLANs in my zone. One for our employees and one for guests/employee mobile devices.

We wanted to have a Guest WLAN that was isolated and we wanted mobile devices on it as well. The issue I am having is that when people are not at their desk but in a different office or building, they cannot access their email (we have an on-site email server).

I have tried to do a whitelist exception but cannot because I am running DHCP/NAT services. Is there another option? I was thinking maybe an L3 Access Control policy?


syamantakomer
Moderator

Hi,

In this case you can create a standard WLAN and then create the isolation using L3 ACLs. This is the only way.

Regards,
Syamantak Omer
Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

ashour_shamoon
New Contributor II

Ok, that is what I was starting to think...

I do have a question though. I am using a Virtual SmartZone. On the L3 Access Control, can I do a range of IPs, or would this have to be a 1:1?


ashour_shamoon
New Contributor II

I guess what I am trying to figure out is:

1) Do I NEED to use the source/destination ports?

2) Source IP: Is this the Network ID/Subnet or the device IP and Subnet?

3) Destination IP: Destination IP/Subnet of the server I am trying to get to?

syamantakomer
Moderator

Hi Ashour,

If you use the toggle button, it will change the setting between single port/IP vs range.

For example, if you turn Off the Source IP button, it will let you define a single IP address. If you turn it On, you can configure a whole subnet.

If you don't want to define any ports, you can leave it, because it is not a mandatory field.

If you use the combination, then the access rule will be more specific.

For example, if you use both source and destination addresses, then the system will allow/deny the traffic based on source and destination IP.

If you just use the source or destination IP, then the rule will be applicable accordingly.

Regards,
Syamantak Omer
Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI
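
The rule matching discussed in this thread, as an added example that is not part of the original posts and is not Ruckus code: a small model of L3 ACL evaluation showing how an allow rule for the mail server sits above a deny for the internal networks, and how leaving the port fields empty widens the exception. The addresses, the mail ports (993 and 587), first-match ordering and the default-allow action are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    action: str                                  # "allow" or "deny"
    src: Optional[str] = None                    # single IP or subnet; None = any
    dst: Optional[str] = None                    # single IP or subnet; None = any
    dst_ports: Optional[Tuple[int, int]] = None  # inclusive range; None = any port

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        # Every field that is set must match; unset fields match everything.
        if self.src and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.dst_ports and not self.dst_ports[0] <= dst_port <= self.dst_ports[1]:
            return False
        return True

def evaluate(rules, src_ip, dst_ip, dst_port, default="allow"):
    # Assumption: rules are checked top to bottom and the first match wins.
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action
    return default

# Constructed addressing (not from the thread).
GUEST_NET = "10.20.0.0/24"      # subnet handed out on the guest WLAN
MAIL_SERVER = "192.168.1.25"    # on-site email server
INTERNAL = "192.168.0.0/16"     # corporate networks to isolate from guests

# Specific: source + destination + port, then a destination-only deny.
POLICY = [
    Rule("allow", src=GUEST_NET, dst=MAIL_SERVER, dst_ports=(993, 993)),
    Rule("allow", src=GUEST_NET, dst=MAIL_SERVER, dst_ports=(587, 587)),
    Rule("deny", dst=INTERNAL),
]

# Broader: ports left empty, so every service on the mail server is reachable.
BROAD_POLICY = [
    Rule("allow", src=GUEST_NET, dst=MAIL_SERVER),
    Rule("deny", dst=INTERNAL),
]

if __name__ == "__main__":
    for port in (993, 22):
        print(port, evaluate(POLICY, "10.20.0.57", MAIL_SERVER, port),
              evaluate(BROAD_POLICY, "10.20.0.57", MAIL_SERVER, port))
```

With the port-specific rules a guest client reaches only the two mail ports on the server; with the ports left empty, the same client also reaches any other service listening on that host.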