jmolhava
asked on
How to give temporary or occasional access to guests on office wi-fi network.
I would like to know the best way to handle a change on an office network for a school. Currently there are a number of wireless clients (approx 30 laptops) throught the school buildings. There are a total of 4 wi-fi access points to provide complete coverage. The same non-broadcast SSID is used everywhere along with the same WEP key.
I would like to open up access occasionally for visitors/guests to access the internet (no need for domain access). What is the best way to do this with no interruption of the existing connections but without giving out the permanent WEP key. Also, for ease of use I thought about temporarily broadcasting the SSID when the need arises.
The other though I had was to purchase an additional AP just to use for this purpose, but if there is a good way to do it using our existing hardware that would be preferred.
Thanks!!!
I would like to open up access occasionally for visitors/guests to access the internet (no need for domain access). What is the best way to do this with no interruption of the existing connections but without giving out the permanent WEP key. Also, for ease of use I thought about temporarily broadcasting the SSID when the need arises.
The other though I had was to purchase an additional AP just to use for this purpose, but if there is a good way to do it using our existing hardware that would be preferred.
Thanks!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
hmmm i think it is quite difficult to setup what you want without using RADIUS.
if you use the existing wireless you would have to give public users the wep key to connect to the wireless. this should give them access to the internet, if they attempted to connect to any network resources they would be prompted for a user name and password if your security is configured appropriately. the problem with this is that once you give them the wep key, they can connect at any time they wanted which creates a bit of a security concern (not to mention your using WEP instead of WPA). as i mentioned before, if you do use the existing wireless and a public user is downloading extensively off the internet, transferring large files over the wireless etc. all other users connected to the same AP will slow down to a crawl.
Maybe you should looking into setting up RADIUS for your wireless authentication, that way you can create a public user account that you can configure to only be enabled at certain times, have auditing etc.
I cant think of any other conventional admin friendly ways to do what you want other than changing the wep key every time you give it out to a public user. which would be a hassle to say the least. and on second thought, you mentioned that you were in a school. having an open public access point would be pretty risky in my opinion..
if you use the existing wireless you would have to give public users the wep key to connect to the wireless. this should give them access to the internet, if they attempted to connect to any network resources they would be prompted for a user name and password if your security is configured appropriately. the problem with this is that once you give them the wep key, they can connect at any time they wanted which creates a bit of a security concern (not to mention your using WEP instead of WPA). as i mentioned before, if you do use the existing wireless and a public user is downloading extensively off the internet, transferring large files over the wireless etc. all other users connected to the same AP will slow down to a crawl.
Maybe you should looking into setting up RADIUS for your wireless authentication, that way you can create a public user account that you can configure to only be enabled at certain times, have auditing etc.
I cant think of any other conventional admin friendly ways to do what you want other than changing the wep key every time you give it out to a public user. which would be a hassle to say the least. and on second thought, you mentioned that you were in a school. having an open public access point would be pretty risky in my opinion..
ASKER
Sorry for not responding sooner...
I think that your first suggestion of using another AP with its own SSID and subnet is the best solution for us without setting up RADIUS or buying some more expensive AP's.
Thanks!
I think that your first suggestion of using another AP with its own SSID and subnet is the best solution for us without setting up RADIUS or buying some more expensive AP's.
Thanks!
ASKER
The only drawback to using a separate wireless AP is that it cannot cover the whole campus. Most of the time it will be OK because the main need will be in the office area but it will be a limit without buying a few AP's.
If there is any way to do it with our existing network that would be great.
I am not an expert with wireless networking so I don not know if this is just dreaming, but it would be great if we could have a wireless network that would allow internet only access on a subnet for non-domain users.