
Open wireless network for guests

plepesant
Level 1

This is mostly a design question...

I need to implement an open wireless access point for visitors who come to our office for a few days or a few hours, i.e., something simple to use for these people, who are generally executives or clients and who do not have time to wait for IT to set up secure access on their computer. Most of these people only want to access their Web Email, make a VPN to their head office or surf the internet.

I do not want to provide a public Hot Spot for all the neighbors in the building... So I am thinking of having an https authentication before permitting any IP traffic outside that private network. The same guest password will be provided to our visitors. This password will change every week or month; this is not a problem.

My first question is: Is it a good scenario?

Second question: Which hardware could I use to manage the authentication? I have in mind that a PIX can perform http(s) outbound authentication, is that true?

Thanks for your help.

Pascal

7 Replies

mattgioia
Level 1

What we've done is to set up a separate open, unencrypted SSID on the access points and trunked it back to the network core (not using layer 3 mobility). We put a proxy/captive portal on this network that acts as the gateway. We have this device set up to do RADIUS authentication against ACS. When a user pops up a web browser, it displays a login screen and as soon as they log in, away they go.

Mattgioia,

Are you doing DHCP from the proxy/captive portal or from your normal DHCP server? Also, where can I find more information on the Proxy/Captive portal?

Thanks.

DHCP is done by the DHCP server. The captive portal, a lightweight Linux distro called m0n0wall, has an entry to forward DHCP.

Which product do you use for the proxy/captive portal?

I am thinking of using the PIX cut-through proxy feature. Is it recommended?

Thank you.

Pascal

Check out "nocat"

It's a free system.

http://nocat.net/

Good Luck

Scott

richkrissi
Level 1

You can create a Guest VLAN for your visitors. Place a PIX into your DMZ. Enable DHCP for that VLAN, and then configure your PIX for HTTP authentication. I would recommend frequently changing that password.

sorvarit
Level 1

Check out http://www.publicip.net and the free ZoneCD Linux distro that you can run on an old PC with two NICs. Probably the easiest and most powerful free "ready to go" hotspot solution today? We use this on our guestnet SSID and VLAN through 80+ Aironet 1231G. There have been some issues with VPN, but this will probably be fixed soon.
