Prevent corporate users from accessing guest network?

Unanswered Question
Sep 19th, 2007

We have two SSIDs - one for the corporate network and one for the guest network.


The corporate network uses PEAP for authentication and the Guest is open (separate vlans, etc).


I need a way to keep the corporate users off of the guest network (so they can't avoid web filtering, etc.)


Is there a way to do this via MAC exclusions or something?


Thanks,

John

lee.messenger Thu, 09/20/2007 - 01:13

Hi John,


Would be very interested in an answer to this also.


Lee

scottwilliamson Thu, 09/20/2007 - 07:54

Hi John,


My manager asked me this question and I told him that the corporate users wouldn't be able to get past the web authentication as they wouldn't know any guest access account details. However, I'd also welcome a more informed answer as I feel there may be flaws in this idea.


Regards,

Scott

jbachert@pmchea... Thu, 09/20/2007 - 08:32

We don't require any account information for the guest network - it is wide open - so there is nothing to prevent a corporate user from logging on.

andrew.brazier@... Fri, 09/21/2007 - 06:38

We solved this problem by using a Windows GP to push out incorrect settings for the guest wireless SSID so that even if corporate users tried to connect they were unable to. E.g., if the guest VLAN uses WPA security we pushed out settings for its SSID that specified WEP. Unfortunately this only works if you're using the Windows wireless configuration tool on your clients.

john.pimlott@vp... Fri, 09/21/2007 - 08:10

I use the web authentication and don't give them the user name and password. Our vendors get a unique account set for a certain number of days, then it goes dead.

MIKE GLASS Fri, 09/21/2007 - 12:15

Hi John,


What I found was when using WEB auth on a guest WLAN the controller will automatically use your AAA server if a local guest account is not found. That is if you have AAA servers set up on your WLC. I had to block my corporate users' access to my Guest WLAN through my AAA server. Cisco TAC did confirm this is how the WLC will operate.

Hope this helps!
