Public wireless access - dynamic key change

Unanswered Question
Apr 8th, 2008

Hi Everyone,

Here's a bit of a quandary that I can use some help with. Our company wants to install a wireless access point in a public place and then publish the one-word English "key" on a screen, where the person must then enter it into their laptop to obtain free access.


A guy goes into a food court, watches a TV for a minute, sees a WAP key word like "tomato" and enters it into his laptop to get free access.

We need to be able to:

- Easily change the key on the WAP unit every day automatically.

- Regulate the amount of bandwidth avail to each user.

- Filter out inappropriate content because it's a public space.

Does anyone have any suggestions?





I hope I can answer your questions to your satisfaction:

- Easily change the key on the WAP unit every day automatically = You might want to enable open authentication using WPA for the association (no PSK required) but the rest of the traffic is encrypted using the dynamic negotiated key, then the user fires up a web browser they are automatically redirected to the WEB Login page, where they can input a userID and the password (which is on your TV). The user can be created from a WCS (under the lobby uid) - and in the settings, the password can be auto generated in a given time period, and the new password emailed to a list of people.

- Regulate the amount of bandwidth avail to each user = you can do this by applying a QoS policy on the WLAN (assuming you are using a WLC and LWAPP)

- Filter out inappropriate content because it's a public space = not through the AP, but you could make the default gateway assigned to the client via DHCP a URL/Content filtering device, or configure a URL redirect.


dave.cason Wed, 04/09/2008 - 07:37

Hi Andrew,

Thanks for the help ... and that's part of the problem ... we don't really need the user to have a username since it's a public space and ANYONE can use the WAP.

So there's no user to create and there will be no password to get in. People will obtain free public internet access via the TV that's showing the WAP key.

BTW - I have never used any Cisco products for wireless so I haven't looked at Wireless LAN Controllers yet. Also to use the lightweight access point protocols means having to have the users run the upgrade util and that obviously can't happen.

I just need to try to find a way that the wireless point is open and avail to people who add that "access code" to their laptops wireless NIC.

But then in the background also: - control content - easily change the WAP key daily - regulate bandwidth for each connection.




1) A WLC is probably not required.

2) LWAPP is the protocol used between the WLC and the AP. The client does not see this protocol.

3) Auto encryption key changes = not possible, must be done manually

4) Content control = you need to look at another solution

5) Bandwidth control = QoS on the AP or QoS/traffic shaping on the next hop router.

6) If you want people to be able to use free wireless, and you don't care who connects - just broadcast the SSID with no security.


dave.cason Wed, 04/09/2008 - 08:48

Hi Andrew,

OK, so I don't need a WLC .... I wasn't sure.

As for bandwidth, that is a QoS issue that can be addressed as you suggest, and the content filtering issue will have to be done via a 3rd party tool or firewall server.

Of course that just leaves the problem of changing the access key daily ….. oh well I'll have to build a scripting tool or something to do that I guess.

Anyway thanks very much for your help! I'll go look at a few of the Cisco Access Points and see if I can use a command line to change out the keys easily that might be one solution.



Hey Dave,

The cli to change the keys is very easy - scripting it....I'm not so sure you would really want to do that - but that is for you to decide.

The APs will be in autonomous mode (without a WLC; with a WLC the APs will use LWAPP and be managed from the WLC), which means if you have more than 1, they all need to be configured per device. Not too bad if you only have a few ... but with a large wireless infrastructure, a WLC does come in very handy!

I personally like the AIR-LAP1131AG-A-K9 and AIR-LAP1242AG-A-K9 (which can handle an external aerial like AIR-ANT5959 - ceiling mounted, very nondescript)

Glad to be able to help,
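The daily key change discussed in this thread, as an added example that is not part of any post: the passphrase is derived from the date and a shared secret with HMAC, so the script that reconfigures the AP and the screen that shows the word compute the same value independently. The word list, the secret and all function names are assumptions; a WPA-PSK passphrase must be 8 to 63 ASCII characters, so a single short word like "tomato" is extended with a second word.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed sample word list; a deployment would load a larger one.
WORDS = ["tomato", "pepper", "basil", "carrot", "onion", "garlic",
         "celery", "squash", "radish", "fennel", "turnip", "ginger"]

WPA_PSK_MIN, WPA_PSK_MAX = 8, 63  # WPA/WPA2-PSK ASCII passphrase length limits


def daily_passphrase(secret: bytes, day: date, words=WORDS) -> str:
    """Derive the passphrase for `day` from a secret known to both sides.

    The AP-side script and the display both call this with the same secret,
    so the key never has to be copied between them.
    """
    digest = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).digest()
    picked, offset = [], 0
    # Add words until the WPA-PSK minimum length is met; each word index
    # comes from the next two bytes of the digest (modulo bias is negligible).
    while len("-".join(picked)) < WPA_PSK_MIN:
        idx = int.from_bytes(digest[offset:offset + 2], "big") % len(words)
        picked.append(words[idx])
        offset += 2
    phrase = "-".join(picked)
    if not (WPA_PSK_MIN <= len(phrase) <= WPA_PSK_MAX) or not phrase.isascii():
        raise ValueError("derived passphrase is not a valid WPA-PSK passphrase")
    return phrase


def rotation_schedule(secret: bytes, start: date, days: int):
    """Return [(date, passphrase), ...] for `days` consecutive days."""
    return [(start + timedelta(n), daily_passphrase(secret, start + timedelta(n)))
            for n in range(days)]


if __name__ == "__main__":
    # Placeholder secret for illustration; keep the real one out of the script.
    demo_secret = b"replace-with-a-random-secret"
    for day, phrase in rotation_schedule(demo_secret, date.today(), 3):
        print(day.isoformat(), phrase)
```

Applying the derived passphrase to the access point is left to whatever management interface the AP offers.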



