
As much as I hate it, I’ve been told to set up an open wireless network for our campus. I created a VLAN with access lists that deny all traffic to inside our network, and created the open SSID to put on it. Traffic can flow freely now from the open wireless to the internet.


However, I’m using a public DNS for the clients and they’re unable to reach our locally hosted (NAT’d) web servers.  We’re currently using a Cisco ASA at the edge of our network which does all of our NAT’ing.  I could open up the VLAN access list a bit and allow them access to our internal DNS & web servers, but I’d rather not.


Has anyone run into this issue before? What are the “best practices” at this point… other than removing the public network in the first place!


Thanks in advance,








I do not know what system you are using for wireless. Here at Liberty University, our current Guest wireless system with Aruba is set up much like the Cisco recommended system.


Guest traffic is tunneled from our local controllers to a guest anchor controller that is in a DMZ. The network firewall rules then determine what minimal inside access is allowed. Our local controllers present a captive portal page that users need to click through to accept our terms of service.


Aruba’s general recommended setup uses the controller firewall to restrict inside access, as necessary.


We will be moving some of our guest wireless access to a sponsored mode, using the Aruba ClearPass Guest (formerly Amigopod) system.




Bruce Osborne

Network Engineer

IT Network Services


(434) 592-4229



Training Champions for Christ since 1971




We have a separate DNS server in our DMZ just for guest wireless.  That gives us the control to point users at the public or private IPs of necessary servers, as well as access to non-publicly advertised sites if any are needed. 


But as Bruce described, having a controller interface or anchor controller in a DMZ is what brings it together.



Wyatt Schill

Network Engineer

Green River CC
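
A sketch of the guest-only DNS arrangement described in the reply above, added here as an illustration and not taken from any poster's configuration. It assumes Unbound as the resolver; the hostnames, the addresses (all from documentation ranges) and the upstream forwarder are placeholders.

```conf
# Constructed example: resolver in the DMZ that serves only guest wireless.
# Assumptions (none of these come from the thread):
#   resolver listens on 192.0.2.53 in the DMZ
#   guest VLAN is 198.51.100.0/24
#   campus-hosted web servers are reachable from the DMZ at 192.0.2.80/.81
#   upstream public resolver is 203.0.113.53 (placeholder)
server:
    interface: 192.0.2.53

    # Answer the guest VLAN only; refuse every other source.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 198.51.100.0/24 allow

    # Do not disclose resolver software details to guests.
    hide-identity: yes
    hide-version: yes

    # Overrides for campus-hosted names: guests get the address that is
    # routable from the guest/DMZ side instead of the public NAT address
    # they would receive from a public resolver.
    local-data: "www.example.edu. 300 IN A 192.0.2.80"
    local-data: "portal.example.edu. 300 IN A 192.0.2.81"

# Every other name is forwarded to a public resolver, so guests never
# query the internal DNS servers.
forward-zone:
    name: "."
    forward-addr: 203.0.113.53
```

With this in place the guest VLAN access list needs to permit only DNS to the resolver and HTTP/HTTPS to the addresses named in the overrides, and the internal DNS servers stay closed to guests.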




