Can someone suggest the best way to set up wireless access for visitors (non company employees) internet access only. We would like to secure the access point so only permitted visitors could attach to the AP with the least administrative effort.
I was thinking two access points. One using PEAP or LEAP to authenticate our employees. The other for the visitors. We could use access lists to permit only web traffic but I am not sure about the security set up for this situation. Something that is not a lot of administrative effort but secure. Is there such a solution?
You could use only one AP if they are Aironet APs. A simple solution would be to create two VLANs, one for employees, that uses PEAP or LEAP, and a guest VLAN, that is open. Create a ACL (Access Control List) on your switch/routers that the AP is connected to that only permits the guest VLAN to point towards your internet gateway. Here is a link on how to set up multiple VLANs:
I would still do what c.tenly suggested but you could also put a MAC filter on the AP. Only cards that are on your list can pass traffic. True you have to get the MAC address from the visitor and put it on the list but I don't see any other way to accomplish what you want.