Forum

If you have Cisco gear I suggest using the Mobility Anchor method for guest access.


Basically you have one controller in your DMZ and one somewhere else in your internal network.

Guests connect to the guest WLAN, and their traffic is tunneled via LWAPP to the AP, then tunneled via EoIP bewteen the two controllers. The users get a DHCP address from the DMZ and from there they go out to the internet.

This way, no matter which AP users connect to in your enterprise, they connect to the same SSID and get their ip address from the same source, even if they roam. It is much simpler than using VRF and you can do a captive portal from the controller if you want.

There's more to it, and I probably didn't explain it very well, but I encourage you to look it up.

We dont have wireless controllers so we have implemented VRF :)
I have only to find an access gateway ;)

if you are in Europe it is worth checking out whether you need to track access to the Internet as by providing a Guest SSID you can be seen as providing ISP services and will have some liability as to what clients are doing whilst connected to your network.

As it happens the Legislation does not apply to all of Europe (it hasn't hit the UK yet) but is expected to come into force here shortly.

Dave

beridor Escribi?3:

if you are in Europe it is worth checking out whether you need to track access to the Internet as by providing a Guest SSID you can be seen as providing ISP services and will have some liability as to what clients are doing whilst connected to your network.

As it happens the Legislation does not apply to all of Europe (it hasn't hit the UK yet) but is expected to come into force here shortly.

Dave

Yes, good thinking but almost everyone here (Greece) has a free wireless modem, or even metropolitan network providing free internet access....

This subject has been discussed a lot but no penalties etc yet...

Moreover, the access will be provided on a specific area , with existing physical security