How to give temporary or occasional access to guests on office wi-fi network.

I would like to know the best way to handle a change on an office network for a school. Currently there are a number of wireless clients (approx 30 laptops) throught the school buildings. There are a total of 4 wi-fi access points to provide complete coverage. The same non-broadcast SSID is used everywhere along with the same WEP key.
I would like to open up access occasionally for visitors/guests to access the internet (no need for domain access). What is the best way to do this with no interruption of the existing connections but without giving out the permanent WEP key. Also, for ease of use I thought about temporarily broadcasting the SSID when the need arises.
The other though I had was to purchase an additional AP just to use for this purpose, but if there is a good way to do it using our existing hardware that would be preferred.

Thanks!!!
jmolhavaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mattyfonzCommented:
you could create a guest account with specified login hours to restrict public wireless activity.
i would personally get another AP and configure it to broadcast a different SSID specifically for public access so that when guests login and download they dont saturate the teachers wireless network. some AP actually have the option to enable/disable wireless at specific times to can also configure that to match your guest accounts login restriction hours as well.

are you using RADIUS  to authenticate your wireless clients?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmolhavaAuthor Commented:
We are not using RADIUS.

The only drawback to using a separate wireless AP is that it cannot cover the whole campus. Most of the time it will be OK because the main need will be in the office area but it will be a limit without buying a few AP's.

If there is any way to do it with our existing network that would be great.

I am not an expert with wireless networking so I don not know if this is just dreaming, but it would be great if we could have a wireless network that would allow internet only access on a subnet for non-domain users.
0
mattyfonzCommented:
hmmm i think it is quite difficult to setup what you want without using RADIUS.
if you use the existing wireless you would have to give public users the wep key to connect to the wireless. this should give them access to the internet, if they attempted to connect to any network resources they would be prompted for a user name and password if your security is configured appropriately. the problem with this is that once you give them the wep key, they can connect at any time they wanted which creates a bit of a security concern (not to mention your using WEP instead of WPA). as i mentioned before, if you do use the existing wireless and a public user is downloading extensively off the internet, transferring large files over the wireless etc. all other users connected to the same AP will slow down to a crawl.

Maybe you should looking into setting up RADIUS for your wireless authentication, that way you can create a public user account that you can configure to only be enabled at certain times, have auditing etc.

I cant think of any other conventional admin friendly ways to do what you want other than changing the wep key every time you give it out to a public user. which would be a hassle to say the least. and on second thought, you mentioned that you were in a school. having an open public access point would be pretty risky in my opinion..

0
jmolhavaAuthor Commented:
Sorry for not responding sooner...

I think that your first suggestion of using another AP with its own SSID and subnet is the best solution for us without setting up RADIUS or buying some more expensive AP's.

Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.