Prevent corporate users from accessing guest network?


We have two SSIDs - one for the corporate network and one for the guest network.

The corporate network uses PEAP for authentication and the Guest is open (separate VLANs, etc.).

I need a way to keep the corporate users off of the guest network (so they can't avoid web filtering, etc.).

Is there a way to do this via MAC exclusions or something?



lee.messenger Thu, 09/20/2007 - 01:13

Hi John,

Would be very interested in an answer to this also.


scottwilliamson Thu, 09/20/2007 - 07:54

Hi John,

My manager asked me this question and I told him that the corporate users wouldn't be able to get past the web authentication as they wouldn't know any guest access account details. However, I'd also welcome a more informed answer as I feel there may be flaws in this idea.



andrew.brazier@... Fri, 09/21/2007 - 06:38

We solved this problem by using a Windows GP to push out incorrect settings for the guest wireless SSID so that even if corporate users tried to connect they were unable to. E.g., if the guest VLAN uses WPA security we pushed out settings for its SSID that specified WEP. Unfortunately this only works if you're using the Windows wireless configuration tool on your clients.

MIKE GLASS Fri, 09/21/2007 - 12:15

Hi John,

What I found was that when using web auth on a guest WLAN, the controller will automatically use your AAA server if a local guest account is not found. That is, if you have AAA servers set up on your WLC. I had to block my corporate users' access to my Guest WLAN through my AAA server. Cisco TAC did confirm this is how the WLC will operate.

Hope this helps!

