Tenant Wireless

Answered Question
Apr 21st, 2009
User Badges:

We currently have an office building with company employees using the our wireless infrastructure.

We are going to start leasing some of the open space to tenants and we are going to offer wireless connectivity. Does anyone know where I can find documentation on best practices and configuration for this type of setup?

Correct Answer by Leo Laohoo about 8 years 6 days ago

Are you going to "share" your AP's with your clients?


You can enable some AP's to broadcast your employees-only SSID and/or tenant SSID using AP Groups (WLAN > Advanced > AP Groups).

Correct Answer by gamccall about 8 years 6 days ago

One more should be fine. You could experiment with increasing the beacon interval to reduce to total volume of beacons, but I wouldn't mess with that unless you observe problems.


I think 7 is the most SSIDs I've put on one AP, and performance was not noticeably impacted.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
gamccall Tue, 04/21/2009 - 09:48
User Badges:
  • Silver, 250 points or more

Isolate, isolate, isolate. Use VRF or PBR or, at the very least, terminate the customer vlan(s) on your firewall rather than your core router, and set up good ACLs everywhere. Use a completely different address space for your tenants if possible- i.e. if you're using network 10 put all their stuff in 192.168, or whatever. Rate limit to make sure they don't choke your pipe- and, if you feel like it, so that you don't choke theirs. Figure out how security will be handled and who'll be responsible for maintaining their user directory.

ppellettiere Tue, 04/21/2009 - 10:24
User Badges:

Thanks for the good information- I do have 1 more question..

SSIDs- I don't want to flood the network with Beacons. Is there a way to use 1 SSID with different networks or can I use MbSSIDs and segregate them?



gamccall Tue, 04/21/2009 - 10:54
User Badges:
  • Silver, 250 points or more

How many SSIDs are you looking at? If it's just two or three, I wouldn't worry about beacon volume at all. If it's more like 20, you have a challenge to work with.


Using RADIUS, you can force users into different VLANs based on RADIUS attributes regardless of which SSID they connected on. So that's an option... but without extensive testing I'm not sure I'd rely on the security of that sort of implementation.

ppellettiere Tue, 04/21/2009 - 11:10
User Badges:

Right now for our employees we use 4 SSIDs

I didn't want to go that much higher. I would like to add just one more SSID for the tenants and isolate the address space we would assign them.


Correct Answer
gamccall Tue, 04/21/2009 - 11:27
User Badges:
  • Silver, 250 points or more

One more should be fine. You could experiment with increasing the beacon interval to reduce to total volume of beacons, but I wouldn't mess with that unless you observe problems.


I think 7 is the most SSIDs I've put on one AP, and performance was not noticeably impacted.

Correct Answer
Leo Laohoo Tue, 04/21/2009 - 14:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Are you going to "share" your AP's with your clients?


You can enable some AP's to broadcast your employees-only SSID and/or tenant SSID using AP Groups (WLAN > Advanced > AP Groups).

ppellettiere Wed, 04/22/2009 - 05:07
User Badges:

Yes we are going to share the AP's. So we would want to setup the AP Groups.

We'll have to figure out which way we want to go with the broadcast.

Thanks for the information.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode