Mark Galvin
asked on
How to have new WiFi password each day
Client has small office and two NetGear WAC510 units providing WiFi into LAN. Currently both are set with the same SSID and password. The SSID has been given out to guests/visitors etc. and the password is widely know.
What client wants to do now is have the password for the SSID changed each day so that access (even for users) is limited etc.
I thought that using the MAC Filter was the way to go but IT Support are not always around to add people (then remove them at end of day).
Is this even possible to happen automatically? Client suggest:
Any ideas folks?
What client wants to do now is have the password for the SSID changed each day so that access (even for users) is limited etc.
I thought that using the MAC Filter was the way to go but IT Support are not always around to add people (then remove them at end of day).
Is this even possible to happen automatically? Client suggest:
- Password gets reset each morning to a randomlly generated key
- Email is sent out to IT and all managers providing the new password
Any ideas folks?
ASKER
Hi
Sorry - I should have mentioned. We are installing a third WAP which will be used for guests/visitors etc. in pretty much the way you have described so guests/visitors isnt the issue.
The issue is that the client doesn't want staff giving the password for the internal WiFi network out to not staff members.
I suppose the way to go is:
Sorry - I should have mentioned. We are installing a third WAP which will be used for guests/visitors etc. in pretty much the way you have described so guests/visitors isnt the issue.
The issue is that the client doesn't want staff giving the password for the internal WiFi network out to not staff members.
I suppose the way to go is:
- Use the third WAP for guests/visitors - going live
- For Staff members, use the MAC filter on the 2 x WAC510 so that even if the staff give out the password for the internal SSID guests/visitors will not be able to connect to it
- If, for any reason IT are not around to add a new staffmember/device to WAC510 Mac Filter List, the visitor SSID can be used until IT are around
What you describe for your internal network will work fine.
Providing a separate connection for guests as you and I described will keep them off your network and you do not need to give them your network password.
Providing a separate connection for guests as you and I described will keep them off your network and you do not need to give them your network password.
Hi,
MAC filtering is not a very convenient and secure method, since it can be easily bypassed by sniffing the network.
What John suggested is better; you have to separate the Wireless networks.
The disadvantages of keeping your guests on the same network are way too high; do you want your file or application server to be accessible by guests? what I mean is why to take the risk and expose all your resources.
I don't know what your budget is, or your infrastructure, but there are many ways to achieve what you asked for depending on your infrastructure.
Please can you emphasize more on your network, servers...?
MAC filtering is not a very convenient and secure method, since it can be easily bypassed by sniffing the network.
What John suggested is better; you have to separate the Wireless networks.
The disadvantages of keeping your guests on the same network are way too high; do you want your file or application server to be accessible by guests? what I mean is why to take the risk and expose all your resources.
I don't know what your budget is, or your infrastructure, but there are many ways to achieve what you asked for depending on your infrastructure.
Please can you emphasize more on your network, servers...?
ASKER
OK.
So, already setting up guest network so nothing to do there.
What needs to happen now is that the internal SSID needs to be setup in such as way that if the staff give out the password, devices cannot connect without further level of securing/auth.
In terms of infrastructure, Windows servers (mainly VMWare), Citrix XenApp. Budget for this is constraint. Already explained to client that getting a system that is secure and works they we they need it to may cost but not budging.
Thanks
Mark
So, already setting up guest network so nothing to do there.
What needs to happen now is that the internal SSID needs to be setup in such as way that if the staff give out the password, devices cannot connect without further level of securing/auth.
In terms of infrastructure, Windows servers (mainly VMWare), Citrix XenApp. Budget for this is constraint. Already explained to client that getting a system that is secure and works they we they need it to may cost but not budging.
Thanks
Mark
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks, Mark. I was happy to help and good luck with this.
An alternative approach is to create a new and strong password for the Office. Do not give this out.
Now add another wireless router to your network:
Hook up the WAN port on the new router to your network.
Give it a static WAN IP address on your network.
Make sure DHCP is ON.
Give the new router a LAN subnet address that is different from your network subnet.
Set up wireless and provide a simple (but not trivial) password.
Now guests have Internet but are NOT on your network at all (right now you allow them on your network). Unless your guests are hackers, this will be reasonably secure.
Cost: 1 wireless router; Convenience: High.