Hello, I have a security question.
I have 4 Aironet 1240AG in 3 different geographical locations with 2 SSIDs.
- I have 1 SSID that is not broadcast, set up with WPA2/TKIP for internal users (Internal). This gives access to internal resources as well as filters all internet items through our Websense appliance; IPs are given from the location's main DHCP server.
- I have 1 SSID that our event clients utilize (Guest). This is an open network so when we have events (can have up to 100+ visitors) the attendees have a way to utilize the internet to access their VPN, Webmail, etc. This is on a segregated VLAN with no internal access and direct unfiltered internet access.
I manually configure the company laptops to use the hidden wireless with the passkey, so it is not public knowledge. We have strict policies in place on data removal from the company and I have found a potential "hole" due to the guest wireless. I do not want the laptop users to be able to join onto the Open WiFi even by accident. It is set to auto connect to internal, but since these are travelers they know how to use the wireless and could conceivably download a file using the internal network, then switch to the open network and send the file using a webmail.
My thinking was that I could set the Open network to reject specific MAC addresses, but I wasn't able to find a way right off to do this for a specific SSID in the Aironet 1240AG GUI. Please let me know if this is a viable idea to ensure that company laptops only stay on the internal company network, but allow the laptop users to still manipulate their local wireless client when traveling.