• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 751
  • Last Modified:

Blocking Guest Wireless Network

I'm looking for some help blocking guest wireless network. I have 2 wireless networks, 1 internal and 1 guest WIFI, which are both on separate VLANs. I need to make sure that the internal users can only connect to the secure network and not the quest one, which is wide open. I don't care if they connect to the AP's, we just need to make sure they can't connect to the internet. I know that I could block them by MAC addresses but that's the most undesirable solution as it creates management headache. Are there any registry keys that i can modify on all of our internal PC's?

All users are on XP sp3 and we use 2003 Active Directory. Wireless connections are managed by Windows.


Thanks for your help!
0
deep06
Asked:
deep06
2 Solutions
 
Dynamite-WebCommented:
Depending on the type of switches/routers you have, you should be able to just add an access-list of some sort on the vlans which only allows the access you want.  Due to the networks being on separate VLANs, they should not be able to communicate between them unless you allow it on the router.

I wouldn't try to enforce policy on each machine, but rather on the router itself.  More information on the network devices would be helpful to provide a more specific answer.
0
 
deep06Author Commented:
Thanks for your reply Dynamite-Web, but I think you misunderstood the problem. We are talking about wide open wifi that's used by our guest visitors and we just need to block all of our internal (corporate employees) from being able to access it while allowing our guests to connect to it. In other words, we want to make sure our corporate laptops and desktops cannot connect to that wireless network.

Thanks.
0
 
petelettinCommented:
something along the lines of a deployed setup for the internal wifi and lock of changing network settings using either group policy or poledit or similar e.g a reg file.

or perhaps a persistent route with a low metric for the internal subnet range pointing to the default gateway ip address (a duplicate of the dynamic default gateway route)

so even if they connect it to guest it will try to route to internal's gateway address and fail

Wireless connections usually have a higher metric than wired connections a lower metric will be used first
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Anthony1982Commented:
Here is your answer right here:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24905471.html

You can create a group policy to stop them..
Hope this helps!
0
 
deep06Author Commented:
Petelettin, thanks for your suggestions. I've been thinking about the same solutions the problem is if I completely lock wifi configuration with the policies, than the users won't be able to add any wifi configs when they travel. I also looked into changing routing tables with persistent routes (i wanted to route dns ip's to a loop address) but that's also not going to work because it doesn't take 127.0.0.1 address as gateway for outside addresses.

is there a way to lock just one ssid in the wireless policies while still allowing users to add and remove other wifi configs?
0
 
deep06Author Commented:
Anthohny1982 thanks for your suggestion but that's not going to work, please read my reply to petelettin.
0
 
petelettinCommented:
There's nothing that specific in GP

It's difficult to put anything in GP and still have it able to roam.

interrnal proxy server with ie settings locked - still wouldn't work when roaming

0
 
deep06Author Commented:
Used GP to force users to connect to this network but with incorrect encryptioin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now