Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to give temporary or occasional access to guests on office wi-fi network.

Posted on 2007-03-27
Medium Priority
Last Modified: 2013-11-12
I would like to know the best way to handle a change on an office network for a school. Currently there are a number of wireless clients (approx 30 laptops) throught the school buildings. There are a total of 4 wi-fi access points to provide complete coverage. The same non-broadcast SSID is used everywhere along with the same WEP key.
I would like to open up access occasionally for visitors/guests to access the internet (no need for domain access). What is the best way to do this with no interruption of the existing connections but without giving out the permanent WEP key. Also, for ease of use I thought about temporarily broadcasting the SSID when the need arises.
The other though I had was to purchase an additional AP just to use for this purpose, but if there is a good way to do it using our existing hardware that would be preferred.

Question by:jmolhava
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Accepted Solution

mattyfonz earned 2000 total points
ID: 18804895
you could create a guest account with specified login hours to restrict public wireless activity.
i would personally get another AP and configure it to broadcast a different SSID specifically for public access so that when guests login and download they dont saturate the teachers wireless network. some AP actually have the option to enable/disable wireless at specific times to can also configure that to match your guest accounts login restriction hours as well.

are you using RADIUS  to authenticate your wireless clients?

Author Comment

ID: 18804988
We are not using RADIUS.

The only drawback to using a separate wireless AP is that it cannot cover the whole campus. Most of the time it will be OK because the main need will be in the office area but it will be a limit without buying a few AP's.

If there is any way to do it with our existing network that would be great.

I am not an expert with wireless networking so I don not know if this is just dreaming, but it would be great if we could have a wireless network that would allow internet only access on a subnet for non-domain users.

Expert Comment

ID: 18805252
hmmm i think it is quite difficult to setup what you want without using RADIUS.
if you use the existing wireless you would have to give public users the wep key to connect to the wireless. this should give them access to the internet, if they attempted to connect to any network resources they would be prompted for a user name and password if your security is configured appropriately. the problem with this is that once you give them the wep key, they can connect at any time they wanted which creates a bit of a security concern (not to mention your using WEP instead of WPA). as i mentioned before, if you do use the existing wireless and a public user is downloading extensively off the internet, transferring large files over the wireless etc. all other users connected to the same AP will slow down to a crawl.

Maybe you should looking into setting up RADIUS for your wireless authentication, that way you can create a public user account that you can configure to only be enabled at certain times, have auditing etc.

I cant think of any other conventional admin friendly ways to do what you want other than changing the wep key every time you give it out to a public user. which would be a hassle to say the least. and on second thought, you mentioned that you were in a school. having an open public access point would be pretty risky in my opinion..


Author Comment

ID: 18885130
Sorry for not responding sooner...

I think that your first suggestion of using another AP with its own SSID and subnet is the best solution for us without setting up RADIUS or buying some more expensive AP's.


Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question