Open wireless network for guests

Unanswered Question

This is mostly a design question...

I need to implement an open wireless access point for visitors who come to our office for a few days or a few hours, i.e. something simple to use for these people, who are generally executives or clients and who do not have time to wait for IT to set up secure access on their computer. Most of these people only want to access their web email, make a VPN to their head office or surf the Internet.

I do not want to provide a public hot spot for all the neighbors in the building... So I am thinking of having an HTTPS authentication before permitting any IP traffic outside that private network. The same guest password will be provided to our visitors. This password will change every week or month; this is not a problem.

My first question is: Is it a good scenario?

Second question: Which hardware could I use to manage the authentication? I have in mind that a PIX can perform HTTP(S) outbound authentication, is that true?

Thanks for your help.


Overall Rating: 2 (1 ratings)
mattgioia Mon, 10/17/2005 - 10:27

What we've done is to set up a separate open, unencrypted SSID on the access points and trunked it back to the network core (not using layer 3 mobility). We put a proxy/captive portal on this network that acts as the gateway. We have this device set up to do RADIUS authentication against ACS. When a user pops up a web browser, it displays a login screen and as soon as they log in, away they go.

d.beaver Tue, 10/18/2005 - 03:50
Are you doing DHCP from the proxy/captive portal or from your normal DHCP server? Also, where can I find more information on the proxy/captive portal?


mattgioia Mon, 10/24/2005 - 12:57

DHCP is done by the DHCP server. The captive portal, a lightweight Linux distro called m0n0wall, has an entry to forward DHCP.

richkrissi Mon, 10/24/2005 - 09:23

You can create a guest VLAN for your visitors. Place a PIX into your DMZ. Enable DHCP for that VLAN, and then configure your PIX for HTTP authentication. I would recommend frequently changing that password.

sorvarit Sun, 10/30/2005 - 02:26

Check out http://www.publicip.net and the free ZoneCD Linux distro that you can run on an old PC with two NICs. Probably the easiest and most powerful free "ready to go" hotspot solution today? We use this on our guestnet SSID and VLAN through 80+ Aironet 1231G. There have been some issues with VPN, but this will probably be fixed soon.

