Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest Wireless Network

Hello,

Is anyone aware of a way, "except for not broadcasting the SSID", to prevent clients from Inadvertently obtaining an IP address on a guest wireless network?

We are using two pair of 5508's for anchor controllers, and we're close to reaching our limit of 14k clients.  While researching, we've found a number of addresses that are being handed out, are mobile devices with their WIFI enabled, walking through our facilities, but not necassarily wanting to use the guest WIFI.

We would like to somehow not have the devices obtain an IP, unless they truly want to connect.  All I've been able to come up with is not to broadcast the SSID, which senior managment feels is not acceptable.

Thanks

7 REPLIES

Guest Wireless Network

The other option would be to add a PSK to the WLAN.  This way you can still broadcast the SSID, but the client has to configure the PSK to be able to get on the network and get an IP address.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Guest Wireless Network

That's a really good question. I have the same concern at our orginazation.

What do you have your DHCP lease time set to? I don't know if that will help with actually associated clients but it will help if you are running out of IPs.

New Member

Guest Wireless Network

Our lease time is set to 5 minutes, but we still have the issue.

Stephen, I was not aware that using a PSK would prevent users from getting an IP, I will see if this an acceptable solution.

Thank you

Guest Wireless Network

it does but it doesn't.

The PSK makes the cleint have to configure the PSK for the SSID to be able to connect.  BUt once it's configured unless they 'forget' the network, they will be able to get an address on next visit.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Guest Wireless Network

Check out Web-Auth with Passthrough. You can use a local "Terms and Conditions" page that requires manual user intervention in order authenticate and get an IP.

This won't help with getting tons of unwanted associations, but it will reduce your DHCP load.

New Member

Re: Guest Wireless Network

You could also move your guest WLAN to a large chunk of private IP space and just NAT/PAT to a portion of your public IP space. This is how we solved our issue.

Sent from Cisco Technical Support iPhone App

New Member

Guest Wireless Network

Hi,

you can on the create on WLC, a separate dummy L3 interface (192.168.250.0/24 and a VLAN thet is not on Your LAN "3333") and WLAN with the name "1"

The DHCP is configured on 5508 with a lease of 240s.

The SSID appears first in the selection. and the clients will connect to the.

Your SSID can be broadcast and the user can select the need.

miro

368
Views
1
Helpful
7
Replies