For guest access, we installed a wlc-4402 in our DMZ and use the guest ssid to allow 'guests' to access the internet. We allowed our HD to create accounts using the lobby ambassador account. Users seeking guest access simply visit our HD where they in turn create the accounts for a set limited time. All of our other users use the ssid's we created for network access using both WEP and WPA via Web Authentication against our Radius servers.
Thank You, George A Cantu 210.829.6002 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Williams, Mr. Michael Sent: Tuesday, September 15, 2009 1:50 PM To: [email protected] Subject: [WIRELESS-LAN] Guest WLAN Configuration We purchased a Cisco WISM and the WCS software to form a centralized wireless network. We are planning on putting it into production during the next semester break. Most of our FAT APs (80+)have been upgraded and are now controlled by the WISM. We currently only have one SSID (no encryption) with all network traffic feeding into out Bluesocket authentication gateway. We plan on setting up multiple networks, one for encrypted access and another for guest access. The question I have is as follows: How do most folks handle guest access? I want to create a guest VLAN and restricted access to the internet only (DNS, HTTPS, HTTP), but is this the best way to approach this? My users just use their network credentials to access to wireless network, I want to encourage (force) them to use the new encrypted network. My intent is to configure the current SSID to require WPA/WPA2 and create a new SSID for guest access, this should steer most folks towards the encrypted network. Any lessons learned on guest access you would like to share? Thanks Mike v/r Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University 201st St. Felix Str. Box T-0220 Stephenville, TX Tel: (254) 968-1850 Fax: (254) 968-9393 [email protected] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ________________________________ This email and any files transmitted with it may be confidential or contain privileged information and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient, please be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email and any attachments is strictly prohibited. If you have received this email in error, please immediately delete the email and any attachments from your system and notify the sender. Any other use of this e-mail is prohibited. Thank you for your compliance. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
