How to have new WiFi password each day

Client has small office and two NetGear WAC510 units providing WiFi into LAN. Currently both are set with the same SSID and password. The SSID has been given out to guests/visitors etc. and the password is widely know.

What client wants to do now is have the password for the SSID changed each day so that access (even for users) is limited etc.

I thought that using the MAC Filter was the way to go but IT Support are not always around to add people (then remove them at end of day).

Is this even possible to happen automatically? Client suggest:
  1. Password gets reset each morning to a randomlly generated key
  2. Email is sent out to IT and all managers providing the new password

Any ideas folks?
LVL 13
Mark GalvinManaging Director / Principal ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Sending out emails with passwords is not always secure either.

An alternative approach is to create a new and strong password for the Office.  Do not give this out.

Now add another wireless router to your network:

Hook up the WAN port on the new router to your network.
Give it a static WAN IP address on your network.
Make sure DHCP is ON.
Give the new router a LAN subnet address that is different from your network subnet.  
Set up wireless and provide a simple (but not trivial) password.

Now guests have Internet but are NOT on your network at all (right now you allow them on your network).  Unless your guests are hackers, this will be reasonably secure.

Cost: 1 wireless router;  Convenience: High.
Mark GalvinManaging Director / Principal ConsultantAuthor Commented:

Sorry - I should have mentioned. We are installing a third WAP which will be used for guests/visitors etc. in pretty much the way you have described so guests/visitors isnt the issue.

The issue is that the client doesn't want staff giving the password for the internal WiFi network out to not staff members.

I suppose the way to go is:
  1. Use the third WAP for guests/visitors - going live
  2. For Staff members, use the MAC filter on the 2 x WAC510 so that even if the staff give out the password for the internal SSID guests/visitors will not be able to connect to it
  3. If, for any reason IT are not around to add a new staffmember/device to WAC510 Mac Filter List, the visitor SSID can be used until IT are around
JohnBusiness Consultant (Owner)Commented:
What you describe for your internal network will work fine.

Providing a separate connection for guests as you and I described will keep them off your network and you do not need to give them your network password.
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

NedIT ConsultantCommented:

MAC filtering is not a very convenient and secure method, since it can be easily bypassed by sniffing the network.
What John suggested is better; you have to separate the Wireless networks.
The disadvantages of keeping your guests on the same network are way too high; do you want your file or application server to be accessible by guests? what I mean is why to take the risk and expose all your resources.

I don't know what your budget is, or your infrastructure, but there are many ways to achieve what you asked for depending on your infrastructure.

Please can you emphasize more on your network, servers...?
Mark GalvinManaging Director / Principal ConsultantAuthor Commented:

So, already setting up guest network so nothing to do there.

What needs to happen now is that the internal SSID needs to be setup in such as way that if the staff give out the password, devices cannot connect without further level of securing/auth.

In terms of infrastructure, Windows servers (mainly VMWare), Citrix XenApp. Budget for this is constraint. Already explained to client that getting a system that is secure and works they we they need it to may cost but not budging.

JohnBusiness Consultant (Owner)Commented:
1.. Guest network on DHCP - Nothing to do.

2. We just ask staff not to give out secure passwords. With easy to access guest network, this is not hard, especially if the office wireless password is not easy to remember.

3. Cost - one wireless router which is inexpensive.

We do the above at our clients and have no issues.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
Thanks, Mark. I was happy to help and good luck with this.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.