Security Options for Guest Access

Posted on 2011-10-27
Last Modified: 2013-11-09
We are getting 3500 series access points and a 5508 controller with the plan of having 2 wireless networks, one for employees and one for guests.
Other than just setting a static WPA key, what are other options for securing that network? Ideally I would like to let the receptionist handle this. So a static WPA key would be fine if she could change it on a regular basis without our help.
Please include any additional hardware/software requirements we would need. Thanks.

Anyone needing access to the network would have to check in with the receptionist anyway.
Question by:akalbfell
    LVL 18

    Accepted Solution

    My $0.02, the full monty would be to use a NAC solution in conjunction with a guest access server.  I'm most familiar with Cisco's offering in this area but I'm certain there are other similar offerings.  The receptionist could still issue credentials to guests (or employees can, it's flexible), but each guest would have their own individual authentication rather than just handing out a key that it's possible may not change very frequently.  NAC would allow you to control many aspects of the connection including what operating systems are allowed, but I would only seriously suggest that approach if you were already using (or deploying) a NAC solution for employees.  

    If you're not going in the direction of a full NAC solution for employees, you can still use Cisco's guest server integrated with Cisco's WLC (using RADIUS) to issue time-limited guest credentials, track usage, etc. Full NAC is not a requirement.  See

    However you decide to handle authentication, you want the VLAN associated with your guests to terminate in such a way that guests are not on the internal employee network. Whether that's into a firewall DMZ, or with a separate Internet connection, etc. is up to you.  If you do rely simply on a WAP key to authenticate guests, develop a rotating scheme to change the key periodically.  Daily is probably too frequent to be manageable, but weekly seems reasonable to me.  
    LVL 8

    Author Closing Comment

    Thanks for the very detailed response.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Hopefully this article will help someone who's had the same issues I had. I have a Dell Wireless 1390 WLAN Mini-Card and Windows 7, and for the past couple of days I was beyond frustrated because my wireless laptop was not able to access the Inte…
    In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now