• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 774
  • Last Modified:

Guest Wireless Access

I have been tasked with setting up a guest wireless network so that vendors/patients/visitors to our non-profit hospital can access the internet during their visit. I have no budget with which to work and think that we have the existing equipment but not the know how to put it to work. Here is a breakdown of our physical network infrastructure:

4 Cisco AIR-AP1121G-A-K9
5 Cisco WS-C2960G-48TC-L
1 Cisco WS-C3550-48
1 Cisco WS-C2960G-8TC-L
1 Cisco WS-C2960G-24TC-L
1 Cisco WS-C3550-24
1 Cisco ASA 5510

All are using the default VLAN 1, no other VLANs are configured.

We need the guest traffic to separate from our traffic so they don't have access to Patient Information. We would like the traffic to go through our Websense server but it is not necessary. The users would have to be redirected to an Acceptable Use Policy (agree or disagree) before being able to use the internet.

We have the basics when it comes to configuring our switches but our IT team consists of 2 people and we know we can do this just not sure where to start. Any help is greatly appreciated.
0
ODA521
Asked:
ODA521
2 Solutions
 
tpitch-ssemcCommented:
Unless I'm not thinking clearly you're probably looking at a whole network makeover. If you want it to parse through your Websense server then you need to move your Websense server outside of your protected network.

If you'd prever you can create a new VLAN for guest access and just route it out your Internet connection. Sounds like you have small wireless foot print, I'd probably just pickup some cheap Cisco/Linksys APs with the captive portal and stick it on the public side of your Internet.

We have a setup that you're looking to achieve, but we have a wireless controller with multiple NICs and route the traffic that way.

If you want to use your current configuration you're going to have to create some VLANs to separate traffic (you should never use VLAN 1 by the way). But for this instance you're going tohave to map SSID: Guest to VLAN2. See if this helps you out, there is no audio but it may get you started.

http://www.youtube.com/watch?v=l51u4SkaGtY
0
 
profgeekCommented:
How many areas are you wanting to provide access for?  Do you have an estimate as to how many WAPs you'll need to cover those areas?

The simplest solution is to add consumer grade routers that have built-in guest access.  You could install those without messing with your current configuration.  You'll spend far more in labor trying to reconfigure your entire network than you would spend on a few of these (less than $100) routers.
0
 
ODA521Author Commented:
Thank you both for your input! I think the simplest and cost effective way will be to buy separate consumer grade routers and do it that way. Thank you again!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now