In a deployed wireless local area network (WLAN) supporting layer-3 mobility, there are three main components: Access Points (APs), the Wireless Domain Service (WDS) on the Wireless LAN Service Module (WLSM), and the Layer-3 Mobility Module (L3MM) on the Route Processor. The Access Point (AP) in the wireless LAN is configured to provide a communication link (for example, radio connectivity) to a Mobile Node (MN) on the wireless LAN. In addition, the Access Points (APs) are also configured for network connectivity to the wireless domain service (WDS) for control plane signaling and to the central switch (CS) to tunnel the mobile node's (MN) data traffic through the wired LAN. The control traffic is terminated at the wireless domain service (WDS), and the data traffic sourced by and destined to the Mobile Nodes (MNs) is tunneled between the Access Point (AP) and the Central Switch (CS) using multipoint Generic Routing Encapsulation (GRE) tunnels (mGRE tunnels). The layer-3 mobility module (L3MM) on the route processor of the central switch is configured to handle the management of the multipoint GRE tunnels (mGRE tunnels) to the access points (APs).
Moreover, in the wireless local area network (WLAN), the wireless domain service (WDS) is configured to actively interact with the layer-3 mobility module (L3MM) and the access points (APs). That is, the wireless domain service (WDS) is configured to handle the mobile node (MN) authentication and to maintain the session states for each mobile node (MN) connected to the respective access points (APs) in the wireless local area network (WLAN).
In a wireless local area network (WLAN) such as the one described above, it would be desirable to have a method and system for configuring the central switch (CS) to provide guest access, so as to provide substantially basic functionality for the majority of the networks: to securely redirect guest traffic to, for example, a login web page, and, after authentication, to securely and easily route the guest traffic to, for example, the sub-network that resides between a trusted internal network (for example, a corporate private LAN) and an untrusted external network such as the internet.