Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Prevent corporate users from accessing guest network?

We have two SSIDs - one for the corporate network and one for the guest network.

The corporate network uses PEAP for authentication and the Guest is open (separate vlans, etc).

I need a way to keep the corporate users off of the guest network (so they can't avoid web filtering, etc.)

Is there a way to do this via MAC exclusions or something?

Thanks,

John

6 REPLIES
New Member

Re: Prevent corporate users from accessing guest network?

Hi John,

would be very interested in an answer to this also.

Lee

New Member

Re: Prevent corporate users from accessing guest network?

Hi John,

My manager asked me this question and I told him that the corporate users wouldn't be able to get past the web authentication as they wouldn't know any guest access account details. However, I'd also welcome a more informed answer as I feel there may be flaws in this idea.

Regards,

Scott

New Member

Re: Prevent corporate users from accessing guest network?

We don't require any account information for the guest network - it is wide open - so there is nothing to prevent a corporate user from logging on.

Re: Prevent corporate users from accessing guest network?

We solved this problem by using a Windows GP to push out incorrect settings for the guest wireless SSID so that even if corporate users tried to connect they were unable to. Eg; if the guest VLAN uses WPA security we pushed out settings for it's SSID that specified WEP. Unfortunately this only works if you're using the Windows wireless configuration tool on your clients.

New Member

Re: Prevent corporate users from accessing guest network?

I use the web authenication and dont give them the user name and password. Our venders get a unique account set for certain number of days, then it goes dead.

New Member

Re: Prevent corporate users from accessing guest network?

Hi John,

What I found was when using WEB auth on a guest WLAN the controller with automatically use your AAA server if a local guest account is not found. That is if you have AAA servers setup on your WLC. I had to block my corporate users access to my Guest WLAN through my AAA server. Cisco TAC did confirm this is how the WLC will operate.

Hope this helps!

163
Views
4
Helpful
6
Replies