Guest Wireless

Discussion in 'Wireless Networking' started by Jordan, Nov 15, 2006.

  1. Jordan

    Jordan Guest

    We have guests that come into the building that need Internet access so we
    wanted to find some solution that:

    1. Cover the whole 33,000 sq ft single floor building.
    2. If it is multiple APs then be centrally managed.
    3. Allow the quick creation of access accounts for the guests.
    4. Expire the accounts automatically after a certain period (minutes, hours,
    days)
    5. Still allow or should I say "force" my internal users onto our network
    while keeping the guests off our network.

    The reason I want to force our internal users onto our network is because we
    monitor and filter their access through and ISA Server which prevents them
    from downloading programs, questionable content, etc.
     
    Jordan, Nov 15, 2006
    #1
    1. Advertising

  2. Quick analysis I would say you would need to look into getting multiple Cisco
    Ap's along with using a tool like WCS system to control monitoring and
    deployment. There are cheaper solutions but it depends on how much of
    LOS(line of sight) you have in a large area like this.

    Now for username management obviously depending on how many "guest" you have
    comming in this could become very tedious and it also depends on where you
    want them to authenticate on the domain or outside in a seperate DMZ safe
    zone.

    I would suggest unless you want to go the TACAS or RADIUS type
    authentication is to setup a type service where the guest have to fill out a
    short form and authenticate to a seperate server all together. There are
    opensource packages out there setup for a one disc cd boot of these type
    systems along with controls on time, where they can go etc. It basically
    breaks down to the server becomming a proxy to the guest users and allowing
    only what you want and when you want.

    Keeping this network seperate from any sort of production server on the
    network or private would be your best option.

    If you want some suggestions on this let me know but I need a little more
    information on which direction you want to go.

    Michael

    "Jordan" wrote:

    > We have guests that come into the building that need Internet access so we
    > wanted to find some solution that:
    >
    > 1. Cover the whole 33,000 sq ft single floor building.
    > 2. If it is multiple APs then be centrally managed.
    > 3. Allow the quick creation of access accounts for the guests.
    > 4. Expire the accounts automatically after a certain period (minutes, hours,
    > days)
    > 5. Still allow or should I say "force" my internal users onto our network
    > while keeping the guests off our network.
    >
    > The reason I want to force our internal users onto our network is because we
    > monitor and filter their access through and ISA Server which prevents them
    > from downloading programs, questionable content, etc.
    >
    >
    >
    >
    >
     
    =?Utf-8?B?TWljaGFlbA==?=, Nov 15, 2006
    #2
    1. Advertising

  3. Jordan

    David Hettel Guest

    First I'd ask do we really need to cover the whole 33,000 sq ft building? Or
    could they be directed to a number of areas within the building to access
    the internet. If they do need access from the entire 33,000 square feet then
    I believe you'll need wireless. I'm not at all sure you'll find a quick and
    easy way to do what you want. I suggest that you read this newsgroup, you'll
    soon see that for many wireless is not easy. As they are *guest* I'm
    assuming that you don't control their hardware, so you'll need a wireless
    solution that works with a large number of different hardware
    configurations.

    I'd suggest that you create a MAC address list for your hardware, and find a
    wireless solution that supports denying access to certain MAC address. Use
    your hardware MAC address list to keep your employees off the system.
    Another option might be to give your employees hardware that does not
    support the guest system hardware. Your computers use 802.11a radios and
    the guest system uses 802.11b/g radios.

    Any system that is easy to setup for visitors will be also be easy for your
    employees that so desire to gain access to IMHO. So make their be little
    reason for your employees to want to gain access to it. Make it slow and
    filtered as well.

    --
    David Hettel

    Please post any reply as a follow-up message in the news group for everyone
    to see. I'm sorry, but I don't answer questions addressed directly to me in
    E-mail or news groups.

    Microsoft Most Valuable Professional Program
    http://mvp.support.microsoft.com

    DISCLAIMER: This posting is provided "AS IS" with no warranty of any kind,
    either expressed or implied, made in relation to the accuracy, reliability
    or content of this post. The author shall not be liable for any direct,
    indirect, incidental or consequential damages arising out of the use of, or
    inability to use, information or opinions expressed in this post and confers
    no rights.


    "Jordan" <> wrote in message
    news:%...
    > We have guests that come into the building that need Internet access so we
    > wanted to find some solution that:
    >
    > 1. Cover the whole 33,000 sq ft single floor building.
    > 2. If it is multiple APs then be centrally managed.
    > 3. Allow the quick creation of access accounts for the guests.
    > 4. Expire the accounts automatically after a certain period (minutes,
    > hours, days)
    > 5. Still allow or should I say "force" my internal users onto our network
    > while keeping the guests off our network.
    >
    > The reason I want to force our internal users onto our network is because
    > we monitor and filter their access through and ISA Server which prevents
    > them from downloading programs, questionable content, etc.
    >
    >
    >
    >
     
    David Hettel, Nov 15, 2006
    #3
  4. Jordan

    Don Grover Guest

    Easest way is to stick a seperate broadband connection in, different subnet
    ect, that way you keep all seperate and can control access times independant
    of internal lan.
    May cost you $25 a month but management time sved would cover this cost.
    Don


    "Jordan" <> wrote in message
    news:%...
    > We have guests that come into the building that need Internet access so we
    > wanted to find some solution that:
    >
    > 1. Cover the whole 33,000 sq ft single floor building.
    > 2. If it is multiple APs then be centrally managed.
    > 3. Allow the quick creation of access accounts for the guests.
    > 4. Expire the accounts automatically after a certain period (minutes,
    > hours, days)
    > 5. Still allow or should I say "force" my internal users onto our network
    > while keeping the guests off our network.
    >
    > The reason I want to force our internal users onto our network is because
    > we monitor and filter their access through and ISA Server which prevents
    > them from downloading programs, questionable content, etc.
    >
    >
    >
    >
     
    Don Grover, Nov 15, 2006
    #4
  5. "Jordan" wrote:
    > We have guests that come into the building that need Internet access so we
    > wanted to find some solution that:
    >
    > 1. Cover the whole 33,000 sq ft single floor building.
    > 2. If it is multiple APs then be centrally managed.
    > 3. Allow the quick creation of access accounts for the guests.
    > 4. Expire the accounts automatically after a certain period (minutes, hours,
    > days)
    > 5. Still allow or should I say "force" my internal users onto our network
    > while keeping the guests off our network.


    Use APs that have "dual personality" capability: such AP has two or
    more SSIDs; for guest access you can configure a SSID with no security,
    and for internal users - another SSID with proper security;
    the AP then separates the traffic to a public internet router
    or your internal LAN.

    Guest accounts can be identified by MAC address and kicked off
    after some time; maybe there even are APs wih this capabiluty.
    Otherwise you can make a SNMP based utility for this.

    > The reason I want to force our internal users onto our network is because we
    > monitor and filter their access through and ISA Server which prevents them
    > from downloading programs, questionable content, etc.


    It is enough to inform the employees that connecting to the guest network
    and downloading stuff from internet violates the company's IT policy.
    You can't prohibit them from doing this by any _reasonable_ technical means.
    ( there are also _unreasonable_ means, which IMHO are too restrictive and
    expensive.)

    Regards,
    --PA
     
    =?Utf-8?B?UGF2ZWwgQS4=?=, Nov 16, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. white_cs
    Replies:
    1
    Views:
    2,191
    white_cs
    Jun 6, 2005
  2. Dede
    Replies:
    5
    Views:
    7,178
    Hansang Bae
    Jun 3, 2005
  3. =?Utf-8?B?TWF0dA==?=

    Enabling wireless internet access for the Guest account

    =?Utf-8?B?TWF0dA==?=, Jan 24, 2006, in forum: Wireless Networking
    Replies:
    5
    Views:
    24,198
    Frank Schwieterman [MSFT]
    Jan 25, 2006
  4. Netorius77
    Replies:
    1
    Views:
    993
    Jack \(MVP-Networking\).
    May 4, 2008
  5. Fantine

    Wireless Internet Access for Guest Account

    Fantine, Jul 7, 2008, in forum: Wireless Networking
    Replies:
    3
    Views:
    1,156
    smlunatick
    Jul 7, 2008
Loading...

Share This Page