I need to implement an open wireless access point for visitors who come to our office for a few days or a few hours, i.e. something simple to use for these people, who are generally executives or clients and who do not have time to wait for IT to set up secure access on their computer. Most of these people only want to access their Web Email, make a VPN to their head office or surf the internet.
I do not want to provide a public Hot Spot for all the neighbors in the building... So I am thinking of having an HTTPS authentication before permitting any IP traffic outside that private network. The same guest password will be provided to our visitors. This password will change every week or month; this is not a problem.
My first question is: Is it a good scenario?
Second question: Which hardware could I use to manage the authentication? I have in mind that a PIX can perform HTTP(S) outbound authentication, is that true?
What we've done is to set up a separate open, unencrypted SSID on the access points and trunked it back to the network core (not using layer 3 mobility). We put a proxy/captive portal on this network that acts as the gateway. We have this device set up to do RADIUS authentication against ACS. When a user pops up a web browser, it displays a login screen and as soon as they log in, away they go.
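The gateway behaviour described in this reply, modelled in Python as an added example (not code from the thread or from any Cisco product). It assumes the single shared guest password from the question in place of RADIUS against ACS; `GuestPortal`, `SESSION_TTL`, the pre-auth port set and keying sessions by MAC address are all hypothetical choices.

```python
import hashlib
import hmac
import os

PRE_AUTH_PORTS = {53, 67}   # assumed: DNS and DHCP must work before login
SESSION_TTL = 8 * 3600      # assumed: a guest session lasts one working day


class GuestPortal:
    """Forwarding decisions of a captive-portal gateway on the guest network."""

    def __init__(self, password):
        self.sessions = {}  # client MAC -> session expiry (seconds)
        self.rotate(password)

    def rotate(self, password):
        # Keep only a salted hash of the shared password. Rotating it ends
        # every session, so last week's visitors have to log in again.
        self.salt = os.urandom(16)
        self.digest = self._hash(password)
        self.sessions.clear()

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, mac, password, now):
        # Called by the HTTPS login page; the comparison is constant-time.
        ok = hmac.compare_digest(self._hash(password), self.digest)
        if ok:
            self.sessions[mac] = now + SESSION_TTL
        return ok

    def decide(self, mac, dst_port, now):
        # Applies to traffic routed through the gateway, not to the login
        # page hosted on the gateway itself.
        if self.sessions.get(mac, 0) > now:
            return "ALLOW"
        self.sessions.pop(mac, None)   # expired or never logged in
        if dst_port in PRE_AUTH_PORTS:
            return "ALLOW"
        if dst_port == 80:
            return "REDIRECT"          # send the browser to the login page
        return "DROP"                  # VPN, mail and the rest wait for login
```

On an open, unencrypted SSID a MAC address can be observed and reused by another client, so the session key here identifies a device only loosely; the portal limits casual use by neighbours rather than protecting guest traffic.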
You can create a Guest VLAN for your visitors. Place a PIX into your DMZ. Enable DHCP for that VLAN, and then configure your PIX for HTTP authentication. I would recommend frequently changing that password.
Check out http://www.publicip.net and the free ZoneCD Linux distro that you can run on an old PC with two NICs. Probably the easiest and most powerful free "ready to go" hotspot solution today? We use this on our guestnet SSID and VLAN through 80+ Aironet 1231G. There have been some issues with VPN, but this will probably be fixed soon.