Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco WCS Iphones taking all IP's!

Posted on 2011-09-07
4
Medium Priority
?
478 Views
Last Modified: 2013-12-27
Our guest wireless (public broadcast) is leasing all 510 IP's to Iphones, Itouches, etc.. Lease time is set to 1 hr which is bad for the network and isn't working at this point.

Mac filtering isn't really an option. Unless its by denying the vendors MAC.. Is that possible?

What are common practices for guest wireless DHCP issues?
Thanks!
0
Comment
Question by:PapaSmurff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
rog2054 earned 1500 total points
ID: 36510104
Hi.

We had the same problem.

At first we increased the size of the DHCP pool - obviously this was only a temporary fix!

After that, as a slightly more effective solution (but still temporary), we have added a WEP key onto the guest wireless. As this is in a corpoarte environment, the WEP key is given freely to visitors upon their arrival to reception.
Once connected to the guest network, visitors then have to authenticate via a web page (Cisco WebAuth) before they actually get internet access. User logons for this are created on-demand by our internal IT Service Desk, and auto-expire after 24 hours. This gives us some idea who is using the guest network, as well as reassurance that they can only use it for a set period before it needs re-requesting (which keeps our Security guys happy).

As a more long-term solution, we're investigating/testing if Windows 2008 NPS can be used, as that can grant/deny based on OS etc - ie only allow Windows 7 and XP in this scenario. Our wireless controller can query the NPS Server (it currently does so to authenticate staff to our Staff Wifi using AD accounts, so should be an option.)

Another idea is to create a mac-blacklist, thereby allowing all except xxx yyy mac addresses. Over a relatively short period of time this could be created by collecting the MACs of all iphones etc which connect. (chances are the majority will be the same iphones every day). Obviously there is a manual element to this approach, so it may not be ideal depending on the scale of your wireless.

Hope this helps. I too would be interested to hear what other people are doing to combat this issue.
0
 

Author Comment

by:PapaSmurff
ID: 36718536
I've requested that this question be deleted for the following reason:

No answer given.
0
 
LVL 3

Expert Comment

by:rog2054
ID: 36718537
I gave several suggestions as to what we do, and other avenues we are looking into.
- Doesn't this count as an answer (or at least a partial one)?
0
 

Author Closing Comment

by:PapaSmurff
ID: 36718564
can only blacklist unique MAC's.
Thanks for answering.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question