Solved

Blocking Guest Wireless Network

Posted on 2010-08-23
8
737 Views
Last Modified: 2013-11-12
I'm looking for some help blocking guest wireless network. I have 2 wireless networks, 1 internal and 1 guest WIFI, which are both on separate VLANs. I need to make sure that the internal users can only connect to the secure network and not the quest one, which is wide open. I don't care if they connect to the AP's, we just need to make sure they can't connect to the internet. I know that I could block them by MAC addresses but that's the most undesirable solution as it creates management headache. Are there any registry keys that i can modify on all of our internal PC's?

All users are on XP sp3 and we use 2003 Active Directory. Wireless connections are managed by Windows.


Thanks for your help!
0
Comment
Question by:deep06
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 2

Expert Comment

by:Dynamite-Web
ID: 33504887
Depending on the type of switches/routers you have, you should be able to just add an access-list of some sort on the vlans which only allows the access you want.  Due to the networks being on separate VLANs, they should not be able to communicate between them unless you allow it on the router.

I wouldn't try to enforce policy on each machine, but rather on the router itself.  More information on the network devices would be helpful to provide a more specific answer.
0
 

Author Comment

by:deep06
ID: 33504956
Thanks for your reply Dynamite-Web, but I think you misunderstood the problem. We are talking about wide open wifi that's used by our guest visitors and we just need to block all of our internal (corporate employees) from being able to access it while allowing our guests to connect to it. In other words, we want to make sure our corporate laptops and desktops cannot connect to that wireless network.

Thanks.
0
 
LVL 3

Accepted Solution

by:
petelettin earned 125 total points
ID: 33506203
something along the lines of a deployed setup for the internal wifi and lock of changing network settings using either group policy or poledit or similar e.g a reg file.

or perhaps a persistent route with a low metric for the internal subnet range pointing to the default gateway ip address (a duplicate of the dynamic default gateway route)

so even if they connect it to guest it will try to route to internal's gateway address and fail

Wireless connections usually have a higher metric than wired connections a lower metric will be used first
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 5

Assisted Solution

by:Anthony1982
Anthony1982 earned 125 total points
ID: 33506393
Here is your answer right here:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24905471.html

You can create a group policy to stop them..
Hope this helps!
0
 

Author Comment

by:deep06
ID: 33510394
Petelettin, thanks for your suggestions. I've been thinking about the same solutions the problem is if I completely lock wifi configuration with the policies, than the users won't be able to add any wifi configs when they travel. I also looked into changing routing tables with persistent routes (i wanted to route dns ip's to a loop address) but that's also not going to work because it doesn't take 127.0.0.1 address as gateway for outside addresses.

is there a way to lock just one ssid in the wireless policies while still allowing users to add and remove other wifi configs?
0
 

Author Comment

by:deep06
ID: 33510408
Anthohny1982 thanks for your suggestion but that's not going to work, please read my reply to petelettin.
0
 
LVL 3

Expert Comment

by:petelettin
ID: 33523822
There's nothing that specific in GP

It's difficult to put anything in GP and still have it able to roam.

interrnal proxy server with ie settings locked - still wouldn't work when roaming

0
 

Author Closing Comment

by:deep06
ID: 33833803
Used GP to force users to connect to this network but with incorrect encryptioin
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question