Link to home
Start Free TrialLog in
Avatar of deep06
deep06Flag for United States of America

asked on

Blocking Guest Wireless Network

I'm looking for some help blocking guest wireless network. I have 2 wireless networks, 1 internal and 1 guest WIFI, which are both on separate VLANs. I need to make sure that the internal users can only connect to the secure network and not the quest one, which is wide open. I don't care if they connect to the AP's, we just need to make sure they can't connect to the internet. I know that I could block them by MAC addresses but that's the most undesirable solution as it creates management headache. Are there any registry keys that i can modify on all of our internal PC's?

All users are on XP sp3 and we use 2003 Active Directory. Wireless connections are managed by Windows.


Thanks for your help!
Avatar of Dynamite-Web
Dynamite-Web
Flag of United States of America image

Depending on the type of switches/routers you have, you should be able to just add an access-list of some sort on the vlans which only allows the access you want.  Due to the networks being on separate VLANs, they should not be able to communicate between them unless you allow it on the router.

I wouldn't try to enforce policy on each machine, but rather on the router itself.  More information on the network devices would be helpful to provide a more specific answer.
Avatar of deep06

ASKER

Thanks for your reply Dynamite-Web, but I think you misunderstood the problem. We are talking about wide open wifi that's used by our guest visitors and we just need to block all of our internal (corporate employees) from being able to access it while allowing our guests to connect to it. In other words, we want to make sure our corporate laptops and desktops cannot connect to that wireless network.

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of petelettin
petelettin
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of deep06

ASKER

Petelettin, thanks for your suggestions. I've been thinking about the same solutions the problem is if I completely lock wifi configuration with the policies, than the users won't be able to add any wifi configs when they travel. I also looked into changing routing tables with persistent routes (i wanted to route dns ip's to a loop address) but that's also not going to work because it doesn't take 127.0.0.1 address as gateway for outside addresses.

is there a way to lock just one ssid in the wireless policies while still allowing users to add and remove other wifi configs?
Avatar of deep06

ASKER

Anthohny1982 thanks for your suggestion but that's not going to work, please read my reply to petelettin.
There's nothing that specific in GP

It's difficult to put anything in GP and still have it able to roam.

interrnal proxy server with ie settings locked - still wouldn't work when roaming

Avatar of deep06

ASKER

Used GP to force users to connect to this network but with incorrect encryptioin