I am implementing an enterprise wireless network for my company. I am planning on setting up one secured corporate wlan for employee and one open guest wlan for the guest/contractor/vendor. Is there a way I can prevent my employee jump from the secured wlan to the guest wlan? Thanks.
Config 2 SSID.1 SSID will be for corporate and another one will be guest.
AP:dot11 ssid Corp
AP:dot11 ssid Guest
And make the corp SSID secured,Apply the WEP key to Dotinterface 0, apply the same to that SSID.
Create an access list which will block access guest N/W from secure WLAN,Apply the same to partcular S/W port.I hope this will help you.Pls rate the same
Thanks. But how would I prevent user configures their laptop to connect to the Guest ssid manually since the Guest ssid is wild open?
Unless you want to do some sort of MAC address blocking or 802.1x authentication, you can't. A public access point is open to anyone, even those you want to have connect to the secure one. This is one of those things thats best handled by user training.
i am new in wireless. my question is: does a accesspoint support only one LWAPP(tunnels)to a WLC?
thanks for answers
LWAPP also defines the tunneling mechanism for data traffic.
A LAP discovers a controller with the use of LWAPP discovery mechanisms. The LAP sends an LWAPP join request to the controller. The controller sends the LAP an LWAPP join response, which allows the AP to join the controller. When the LAP joins to the controller, the LAP downloads the controller software if the revisions on the LAP and controller do not match. Subsequently, the LAP is completely under the control of the controller. LWAPP secures the control communication between the LAP and the controller by means of a secure key distribution. The secure key distribution requires already provisioned X.509 digital certificates on both the LAP and the controller. Factory-installed certificates are referenced with the term "MIC", which is an acronym for Manufacturing Installed Certificate. Cisco Aironet APs that shipped before July 18, 2005, do not have a MIC. So these APs create a self-signed certificate (SSC) when they are upgraded in order to operate in lightweight mode. Controllers are programmed to accept SSCs for the authentication of specific APs.
Pls Refer the docu..
Keep an eye out on my blog about secure guest access for enterprise wireless networking using WLCs. I'm working on a project like this right now and some configuration guidelines along with an overview are available here:
Create a dynamic interface,say GuestVLAN at your WLC and connect it to router or firewall.and have your router or firewall act as a DHCP for this GuestVLAN interface,eg. 192.168.1.0 network.
Meanwhile you may use your Management interface subnet for your Internet Network. eg. 188.8.131.52 network
hope this clear your doubt