edbisw
MIS
- Jun 3, 2008
- 47
I have a WAP hanging off Eth 7 (a PoE port, which the Netgear WAP supports) and want to DMZ this port.
But I also do NOT want the internal LAN (10.x.x.x network) to reach it at all. The WAP will be on 192.168.1.x and run DHCP. This is for guest access, so I don't want them seeing the 10.x.x.x network at all.
What I have so far is:
----
interface vlan 10
 nameif dmz
 security-level 50
 ip address 192.168.1.10 255.255.255.0
 no shutdown
int e0/7
 switchport access vlan 10
----
But I saw "switchport protected" and thought I just needed that to block access; however, the VLAN is 1 for the 10.x.x.x network and I understand that command only works if they are on the same VLAN.
Do I just use ACLs to block the traffic between the VLANs?
-Ed