Guest Wireless

We have guests that come into the building that need Internet access so we wanted to find some solution that:

1. Cover the whole 33,000 sq ft single floor building.
2. If it is multiple APs then be centrally managed.
3. Allow the quick creation of access accounts for the guests.
4. Expire the accounts automatically after a certain period (minutes, hours, days)
5. Still allow or should I say "force" my internal users onto our network while keeping the guests off our network.

The reason I want to force our internal users onto our network is because we monitor and filter their access through an ISA Server which prevents them from downloading programs, questionable content, etc.

Quick analysis: I would say you would need to look into getting multiple Cisco
APs along with using a tool like WCS system to control monitoring and deployment. There are cheaper solutions but it depends on how much of LOS (line of sight) you have in a large area like this.

Now for username management, obviously depending on how many "guests" you have coming in this could become very tedious, and it also depends on where you want them to authenticate: on the domain or outside in a separate DMZ safe zone. I would suggest, unless you want to go the TACACS or RADIUS type authentication, is to set up a type of service where the guests have to fill out a short form and authenticate to a separate server altogether. There are open source packages out there set up for a one-disc CD boot of these types of systems, along with controls on time, where they can go, etc. It basically breaks down to the server becoming a proxy to the guest users and allowing only what you want and when you want. Keeping this network separate from any sort of production server on the network or private would be your best option.

If you want some suggestions on this let me know, but I need a little more information on which direction you want to go.

Michael

"Jordan" wrote:
> We have guests that come into the building that need Internet access so we
> wanted to find some solution that:
>
> 1. Cover the whole 33,000 sq ft single floor building.
> 2. If it is multiple APs then be centrally managed.
> 3. Allow the quick creation of access accounts for the guests.
> 4. Expire the accounts automatically after a certain period (minutes, hours,
> days)
> 5. Still allow or should I say "force" my internal users onto our network
> while keeping the guests off our network.
>
> The reason I want to force our internal users onto our network is because we
> monitor and filter their access through an ISA Server which prevents them
> from downloading programs, questionable content, etc.

First I'd ask: do we really need to cover the whole 33,000 sq ft building? Or could they be directed to a number of areas within the building to access the internet? If they do need access from the entire 33,000 square feet then I believe you'll need wireless.

I'm not at all sure you'll find a quick and easy way to do what you want. I suggest that you read this newsgroup; you'll soon see that for many, wireless is not easy. As they are *guests* I'm assuming that you don't control their hardware, so you'll need a wireless solution that works with a large number of different hardware configurations.

I'd suggest that you create a MAC address list for your hardware, and find a wireless solution that supports denying access to certain MAC addresses. Use your hardware MAC address list to keep your employees off the system.

Another option might be to give your employees hardware that does not support the guest system hardware: your computers use 802.11a radios and the guest system uses 802.11b/g radios.

Any system that is easy to set up for visitors will also be easy for your employees that so desire to gain access to, IMHO. So make there be little reason for your employees to want to gain access to it. Make it slow and filtered as well.

--
David Hettel

Please post any reply as a follow-up message in the news group for everyone to see. I'm sorry, but I don't answer questions addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

DISCLAIMER: This posting is provided "AS IS" with no warranty of any kind, either expressed or implied, made in relation to the accuracy, reliability or content of this post. The author shall not be liable for any direct, indirect, incidental or consequential damages arising out of the use of, or inability to use, information or opinions expressed in this post and confers no rights.

"Jordan" <n***@here.com> wrote in message news:%232ntvLNCHHA.3396@TK2MSFTNGP02.phx.gbl...
> We have guests that come into the building that need Internet access so we
> wanted to find some solution that:
>
> 1. Cover the whole 33,000 sq ft single floor building.
> 2. If it is multiple APs then be centrally managed.
> 3. Allow the quick creation of access accounts for the guests.
> 4. Expire the accounts automatically after a certain period (minutes,
> hours, days)
> 5. Still allow or should I say "force" my internal users onto our network
> while keeping the guests off our network.
>
> The reason I want to force our internal users onto our network is because
> we monitor and filter their access through an ISA Server which prevents
> them from downloading programs, questionable content, etc.

Easiest way is to stick a separate broadband connection in, different subnet etc.; that way you keep all separate and can control access times independent of internal LAN.

May cost you $25 a month but management time saved would cover this cost.

Don

"Jordan" <n***@here.com> wrote in message news:%232ntvLNCHHA.3396@TK2MSFTNGP02.phx.gbl...
> We have guests that come into the building that need Internet access so we
> wanted to find some solution that:
>
> 1. Cover the whole 33,000 sq ft single floor building.
> 2. If it is multiple APs then be centrally managed.
> 3. Allow the quick creation of access accounts for the guests.
> 4. Expire the accounts automatically after a certain period (minutes,
> hours, days)
> 5. Still allow or should I say "force" my internal users onto our network
> while keeping the guests off our network.
>
> The reason I want to force our internal users onto our network is because
> we monitor and filter their access through an ISA Server which prevents
> them from downloading programs, questionable content, etc.

"Jordan" wrote:
> We have guests that come into the building that need Internet access so we
> wanted to find some solution that:
>
> 1. Cover the whole 33,000 sq ft single floor building.
> 2. If it is multiple APs then be centrally managed.
> 3. Allow the quick creation of access accounts for the guests.
> 4. Expire the accounts automatically after a certain period (minutes, hours,
> days)
> 5. Still allow or should I say "force" my internal users onto our network
> while keeping the guests off our network.

Use APs that have "dual personality" capability: such an AP has two or more SSIDs; for guest access you can configure an SSID with no security, and for internal users another SSID with proper security; the AP then separates the traffic to a public internet router or your internal LAN.

Guest accounts can be identified by MAC address and kicked off after some time; maybe there even are APs with this capability. Otherwise you can make an SNMP-based utility for this.

> The reason I want to force our internal users onto our network is because we
> monitor and filter their access through an ISA Server which prevents them
> from downloading programs, questionable content, etc.

It is enough to inform the employees that connecting to the guest network and downloading stuff from the internet violates the company's IT policy. You can't prohibit them from doing this by any _reasonable_ technical means. (There are also _unreasonable_ means, which IMHO are too restrictive and expensive.)

Regards,
--PA
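Requirements 3 and 4 of the original question, combined with the MAC-plus-timeout idea in the last reply, as an added example that is not code from any poster in this thread: an in-memory table of guest vouchers that are quick to issue, bind to the first device that uses them, and expire on their own. The class and method names are hypothetical, and the enforcement step at the AP or gateway is left out because the thread names no specific product or interface for it.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Voucher:
    code: str
    ttl: timedelta                       # lifetime, counted from first use
    mac: Optional[str] = None            # bound to the first device that redeems it
    expires_at: Optional[datetime] = None


class GuestAccess:
    """In-memory guest voucher table (hypothetical names, added example)."""

    def __init__(self) -> None:
        self._vouchers: dict[str, Voucher] = {}

    def issue(self, ttl: timedelta) -> str:
        """Front desk creates a guest account: one random code with a lifetime."""
        code = secrets.token_hex(4)
        self._vouchers[code] = Voucher(code, ttl)
        return code

    def redeem(self, code: str, mac: str, now: datetime) -> bool:
        """Guest enters the code; the first MAC to use it owns it until expiry."""
        v = self._vouchers.get(code)
        if v is None:
            return False
        mac = mac.lower()
        if v.mac is None:
            v.mac, v.expires_at = mac, now + v.ttl
        return v.mac == mac and now < v.expires_at

    def is_allowed(self, mac: str, now: datetime) -> bool:
        """Gateway check per connection: does this MAC hold a live voucher?"""
        mac = mac.lower()
        return any(v.mac == mac and now < v.expires_at
                   for v in self._vouchers.values())

    def sweep(self, now: datetime) -> list[str]:
        """Drop expired vouchers and return the MACs to disconnect."""
        expired = [v for v in self._vouchers.values()
                   if v.expires_at is not None and now >= v.expires_at]
        for v in expired:
            del self._vouchers[v.code]
        return sorted(v.mac for v in expired)
```

A MAC address is an identifier the client controls, so the binding limits casual sharing of a code rather than authenticating the device.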