cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
899
Views
1
Helpful
7
Replies

Guest Wireless Network

shane.clark2
Level 1
Level 1

Hello,

Is anyone aware of a way, "except for not broadcasting the SSID", to prevent clients from Inadvertently obtaining an IP address on a guest wireless network?

We are using two pair of 5508's for anchor controllers, and we're close to reaching our limit of 14k clients.  While researching, we've found a number of addresses that are being handed out, are mobile devices with their WIFI enabled, walking through our facilities, but not necassarily wanting to use the guest WIFI.

We would like to somehow not have the devices obtain an IP, unless they truly want to connect.  All I've been able to come up with is not to broadcast the SSID, which senior managment feels is not acceptable.

Thanks

7 Replies 7

Stephen Rodriguez
Cisco Employee
Cisco Employee

The other option would be to add a PSK to the WLAN.  This way you can still broadcast the SSID, but the client has to configure the PSK to be able to get on the network and get an IP address.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

That's a really good question. I have the same concern at our orginazation.

What do you have your DHCP lease time set to? I don't know if that will help with actually associated clients but it will help if you are running out of IPs.

Our lease time is set to 5 minutes, but we still have the issue.

Stephen, I was not aware that using a PSK would prevent users from getting an IP, I will see if this an acceptable solution.

Thank you

it does but it doesn't.

The PSK makes the cleint have to configure the PSK for the SSID to be able to connect.  BUt once it's configured unless they 'forget' the network, they will be able to get an address on next visit.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

roboton666
Level 1
Level 1

Check out Web-Auth with Passthrough. You can use a local "Terms and Conditions" page that requires manual user intervention in order authenticate and get an IP.

This won't help with getting tons of unwanted associations, but it will reduce your DHCP load.

thomas03usmcsf
Level 1
Level 1

You could also move your guest WLAN to a large chunk of private IP space and just NAT/PAT to a portion of your public IP space. This is how we solved our issue.

Sent from Cisco Technical Support iPhone App

Hi,

you can on the create on WLC, a separate dummy L3 interface (192.168.250.0/24 and a VLAN thet is not on Your LAN "3333") and WLAN with the name "1"

The DHCP is configured on 5508 with a lease of 240s.

The SSID appears first in the selection. and the clients will connect to the.

Your SSID can be broadcast and the user can select the need.

miro

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: