SSID for Internet Only Access?

  • 1
  • Question
  • Updated 3 years ago
We have an SSID that we are setting up for our guest users, it is currently open with a Captive Portal. I have looked all over the SSID on where to "tunnel" this SSID just for Internet access only and no internal access but cannot find it. Does anyone know where to point me to the right direction on where to find this option?
Photo of Cody


  • 1 Post
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Crowdie

Crowdie, Champ

  • 960 Posts
  • 269 Reply Likes
Once a guest successfully authenticates to the SSID/captive portal they will be placed into a user profile.  Within the user profile you can configure the layer seven firewall in each of the access points.

From your terminology I am assuming that you more commonly work with controller based wireless vendors.  Not being a big fan of captive portals I would recommend that you change from open authentication/captive portal to a private PSK based guest SSID as:

* Open authentication/captive portal based guest wireless networks are extremely open to man in the middle attacks.  It is now so easy that any open authentication/captive portal wireless network should be considered insecure.

* Captive portals create issues with smartphones and tablets which can result in the login splash screen not appearing and/or random disconnects.
Photo of Dawn Douglass

Dawn Douglass

  • 67 Posts
  • 3 Reply Likes

I set up this IP firewall in the guest user profile.  It allows access to printers, internet (default gateway), DNS and DHCP.