Would not MAC filtering be a bit intensive for what he wants? If you could reverse filter that would be the way to go.

Jon

> From: [email protected]
> To: [email protected]
> Subject: RE: Guest network security
> Date: Wed, 6 Feb 2013 19:49:23 +0000
>
> Kurt,
>
> Even with the password idea, you would have to rotate it daily if not weekly
> or someone will just leave it out where others can gain access. Honestly,
> anyone smart enough with AirCrack could get the password you put on the SSID.
>
> You could limit the DHCP scope to say 64 addresses and that might help limit
> the scope or number of people that can get on the wireless network, or set up
> MAC filtering (again, can bypass that with MAC spoofing) but it would be a
> bit more manual process.
>
> I am thinking your idea about a portal process and authorization is probably
> the way to go.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this message,
> but are not the intended recipient, nor an employee or agent responsible for
> delivering this message to the intended recipient, you are hereby notified
> that you are strictly prohibited from copying, printing, forwarding or
> otherwise disseminating this communication. If you have received this
> communication in error, please immediately notify the sender by replying to
> the message. Then, delete the message from your computer. Thank you.
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Wednesday, February 06, 2013 2:36 PM
> To: NT System Admin Issues
> Subject: OT: Guest network security
>
> All,
>
> Quite some time ago, I set up an unsecured guest VLAN in our network,
> providing wireless access to all of the sundry devices that staff and
> visitors carry. I set up a small FreeBSD machine to serve IP addresses via
> DHCP, and that was dead simple.
>
> It is a layer2 VLAN, traversing our backbone, and terminating on our
> corporate firewall.
>
> However, there are now other tenants in our building, and the subnet is
> getting too much bandwidth and address consumption - the range I set up is
> completely filled, and the VLAN is consuming about half of our Internet pipe,
> which is far too much for my comfort.
>
> I suspect the other tenants are leeching.
>
> What I've read of captive portals seems to indicate that the portal is part
> of the firewall. I could be wrong about that, though. Regardless, the
> corporate firewall will not be allowed to be part of this solution.
>
> The only other alternative I see right now is to set up a password on the
> SSID, and have the front desk hand it out to guests, after mailing it to
> staff, and I'm getting pushback on that from my manager.
>
> Does anyone have some ideas I could pursue on this?
>
> Thanks,
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
