Last $dayjob$ before current I pushed the guest network to a DSL line and put a cheap Linksys SOHO router on it. Kept the Production as closed as possible and guest had hours of operation. I found our "neighbors" using our guest on more than a couple of occasions. Politics plays a big part in these decisions. I went at it that we were using x% of the T1 on average with y% being used at peak. Since y was at or near capacity it was not hard to convince the powers that be that we would have to restrict what the staff was doing or put guest out on their own. I did get permission to place limits on where we would secure the guest network before I even got it operational. I was able to show our neighbor's signal strength would allow them to connect. Jon > Date: Wed, 6 Feb 2013 11:36:00 -0800 > Subject: OT: Guest network security > From: [email protected] > To: [email protected] > > All, > > Quite some time ago, I set up an unsecured guest VLAN in our network, > providing wireless access to all of the sundry devices that staff and > visitors carry. I set up a small FreeBSD machine to serve IP addresses > via DHCP, and that was dead simple. > > It is a layer2 VLAN, traversing our backbone, and terminating on our > corporate firewall. > > However, there are now other tenants in our building, and the subnet > is getting too much bandwidth and address consumption - the range I > set up is completely filled, and the VLAN is consuming about half of > our Internet pipe, which is far too much for my comfort. > > I suspect the other tenants are leeching. > > What I've read of captive portals seems to indicate that the portal is > part of the firewall. I could be wrong about that, though. Regardless, the > corporate firewall will not be allowed to be part of this solution. > > The only other alternative I see right now is to set up a password on > the SSID, and have the front desk hand it out to guests, after mailing > it to staff, and I'm getting pushback on that from my manager. > > Does anyone have some ideas I could pursue on this? > > Thanks, > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
--- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
