How to have new WiFi password each day

Client has small office and two NetGear WAC510 units providing WiFi into LAN. Currently both are set with the same SSID and password. The SSID has been given out to guests/visitors etc. and the password is widely know.

What client wants to do now is have the password for the SSID changed each day so that access (even for users) is limited etc.

I thought that using the MAC Filter was the way to go but IT Support are not always around to add people (then remove them at end of day).

Is this even possible to happen automatically? Client suggest:
  1. Password gets reset each morning to a randomlly generated key
  2. Email is sent out to IT and all managers providing the new password

Any ideas folks?
LVL 13
Mark GalvinManaging Director / Principal ConsultantAsked:
Who is Participating?
JohnBusiness Consultant (Owner)Commented:
1.. Guest network on DHCP - Nothing to do.

2. We just ask staff not to give out secure passwords. With easy to access guest network, this is not hard, especially if the office wireless password is not easy to remember.

3. Cost - one wireless router which is inexpensive.

We do the above at our clients and have no issues.
JohnBusiness Consultant (Owner)Commented:
Sending out emails with passwords is not always secure either.

An alternative approach is to create a new and strong password for the Office.  Do not give this out.

Now add another wireless router to your network:

Hook up the WAN port on the new router to your network.
Give it a static WAN IP address on your network.
Make sure DHCP is ON.
Give the new router a LAN subnet address that is different from your network subnet.  
Set up wireless and provide a simple (but not trivial) password.

Now guests have Internet but are NOT on your network at all (right now you allow them on your network).  Unless your guests are hackers, this will be reasonably secure.

Cost: 1 wireless router;  Convenience: High.
Mark GalvinManaging Director / Principal ConsultantAuthor Commented:

Sorry - I should have mentioned. We are installing a third WAP which will be used for guests/visitors etc. in pretty much the way you have described so guests/visitors isnt the issue.

The issue is that the client doesn't want staff giving the password for the internal WiFi network out to not staff members.

I suppose the way to go is:
  1. Use the third WAP for guests/visitors - going live
  2. For Staff members, use the MAC filter on the 2 x WAC510 so that even if the staff give out the password for the internal SSID guests/visitors will not be able to connect to it
  3. If, for any reason IT are not around to add a new staffmember/device to WAC510 Mac Filter List, the visitor SSID can be used until IT are around
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

JohnBusiness Consultant (Owner)Commented:
What you describe for your internal network will work fine.

Providing a separate connection for guests as you and I described will keep them off your network and you do not need to give them your network password.
NedIT ConsultantCommented:

MAC filtering is not a very convenient and secure method, since it can be easily bypassed by sniffing the network.
What John suggested is better; you have to separate the Wireless networks.
The disadvantages of keeping your guests on the same network are way too high; do you want your file or application server to be accessible by guests? what I mean is why to take the risk and expose all your resources.

I don't know what your budget is, or your infrastructure, but there are many ways to achieve what you asked for depending on your infrastructure.

Please can you emphasize more on your network, servers...?
Mark GalvinManaging Director / Principal ConsultantAuthor Commented:

So, already setting up guest network so nothing to do there.

What needs to happen now is that the internal SSID needs to be setup in such as way that if the staff give out the password, devices cannot connect without further level of securing/auth.

In terms of infrastructure, Windows servers (mainly VMWare), Citrix XenApp. Budget for this is constraint. Already explained to client that getting a system that is secure and works they we they need it to may cost but not budging.

JohnBusiness Consultant (Owner)Commented:
Thanks, Mark. I was happy to help and good luck with this.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.