09-19-2007 10:19 AM - edited 07-03-2021 02:39 PM
We have two SSIDs - one for the corporate network and one for the guest network.
The corporate network uses PEAP for authentication and the Guest is open (separate vlans, etc).
I need a way to keep the corporate users off of the guest network (so they can't avoid web filtering, etc.)
Is there a way to do this via MAC exclusions or something?
Thanks,
John
09-20-2007 01:13 AM
Hi John,
would be very interested in an answer to this also.
Lee
09-20-2007 07:54 AM
Hi John,
My manager asked me this question and I told him that the corporate users wouldn't be able to get past the web authentication as they wouldn't know any guest access account details. However, I'd also welcome a more informed answer as I feel there may be flaws in this idea.
Regards,
Scott
09-20-2007 08:32 AM
We don't require any account information for the guest network - it is wide open - so there is nothing to prevent a corporate user from logging on.
09-21-2007 06:38 AM
We solved this problem by using a Windows GP to push out incorrect settings for the guest wireless SSID so that even if corporate users tried to connect they were unable to. Eg; if the guest VLAN uses WPA security we pushed out settings for it's SSID that specified WEP. Unfortunately this only works if you're using the Windows wireless configuration tool on your clients.
09-21-2007 08:10 AM
I use the web authenication and dont give them the user name and password. Our venders get a unique account set for certain number of days, then it goes dead.
09-21-2007 12:15 PM
Hi John,
What I found was when using WEB auth on a guest WLAN the controller with automatically use your AAA server if a local guest account is not found. That is if you have AAA servers setup on your WLC. I had to block my corporate users access to my Guest WLAN through my AAA server. Cisco TAC did confirm this is how the WLC will operate.
Hope this helps!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: