Blocking Guest Wireless Network

Posted on 2010-08-23
Medium Priority
Last Modified: 2013-11-12
I'm looking for some help blocking guest wireless network. I have 2 wireless networks, 1 internal and 1 guest WIFI, which are both on separate VLANs. I need to make sure that the internal users can only connect to the secure network and not the quest one, which is wide open. I don't care if they connect to the AP's, we just need to make sure they can't connect to the internet. I know that I could block them by MAC addresses but that's the most undesirable solution as it creates management headache. Are there any registry keys that i can modify on all of our internal PC's?

All users are on XP sp3 and we use 2003 Active Directory. Wireless connections are managed by Windows.

Thanks for your help!
Question by:deep06

Expert Comment

ID: 33504887
Depending on the type of switches/routers you have, you should be able to just add an access-list of some sort on the vlans which only allows the access you want.  Due to the networks being on separate VLANs, they should not be able to communicate between them unless you allow it on the router.

I wouldn't try to enforce policy on each machine, but rather on the router itself.  More information on the network devices would be helpful to provide a more specific answer.

Author Comment

ID: 33504956
Thanks for your reply Dynamite-Web, but I think you misunderstood the problem. We are talking about wide open wifi that's used by our guest visitors and we just need to block all of our internal (corporate employees) from being able to access it while allowing our guests to connect to it. In other words, we want to make sure our corporate laptops and desktops cannot connect to that wireless network.


Accepted Solution

petelettin earned 500 total points
ID: 33506203
something along the lines of a deployed setup for the internal wifi and lock of changing network settings using either group policy or poledit or similar e.g a reg file.

or perhaps a persistent route with a low metric for the internal subnet range pointing to the default gateway ip address (a duplicate of the dynamic default gateway route)

so even if they connect it to guest it will try to route to internal's gateway address and fail

Wireless connections usually have a higher metric than wired connections a lower metric will be used first
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!


Assisted Solution

Anthony1982 earned 500 total points
ID: 33506393
Here is your answer right here:


You can create a group policy to stop them..
Hope this helps!

Author Comment

ID: 33510394
Petelettin, thanks for your suggestions. I've been thinking about the same solutions the problem is if I completely lock wifi configuration with the policies, than the users won't be able to add any wifi configs when they travel. I also looked into changing routing tables with persistent routes (i wanted to route dns ip's to a loop address) but that's also not going to work because it doesn't take address as gateway for outside addresses.

is there a way to lock just one ssid in the wireless policies while still allowing users to add and remove other wifi configs?

Author Comment

ID: 33510408
Anthohny1982 thanks for your suggestion but that's not going to work, please read my reply to petelettin.

Expert Comment

ID: 33523822
There's nothing that specific in GP

It's difficult to put anything in GP and still have it able to roam.

interrnal proxy server with ie settings locked - still wouldn't work when roaming


Author Closing Comment

ID: 33833803
Used GP to force users to connect to this network but with incorrect encryptioin

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
The Summer 2017 Scholarship Winners have been announced!
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question