
Secure Wireless Roaming and Guest access


JVKAdmin (IS-IT--Management, CA), Dec 28, 2001
Hi,

I have a scenario and would like a few comments/suggestions on how best to approach it:

We currently are looking at implementing a wireless network at our company. Management would like to have the wireless network secure and be able to roam throughout the building with their laptops (i.e. more than one AP), but also allow guests who frequent our company to connect wirelessly with their laptops without compromising security or creating more work for IT administrators. We are using a single subnet.

Does anyone have any ideas on how best to approach this and what hardware would be required.

Thanks
 
So they want it to be secure, but they want to allow other people on. Those requirements don't really mix that well.

One thing that I have seen people do to make this happen is to set up the wireless and allow anyone to connect to it, but on the network router level only allow traffic to the DNS servers and the VPN server. That way, as long as someone has a domain account that has VPN access, they can VPN in from the wireless to the corporate network.

Another option would be two different wireless networks. One secured one for employees, and one open one that doesn't connect to the corporate network for non-employees.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

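The router-level filter Denny describes, written out as an added example in Cisco IOS syntax (this is not from the thread; the addresses, the interface name and the choice of an IPsec VPN are assumptions, with PPTP noted as the alternative):

```cisco
! Added example. Assumed layout (none of this is from the thread):
!   open wireless segment 192.168.50.0/24 on router interface FastEthernet0/1
!   internal DNS server   10.0.0.53
!   VPN server            10.0.0.1  (IPsec assumed; PPTP would need tcp/1723 + gre)
!
ip access-list extended WIRELESS-IN
 remark Clients need DHCP before they have an address at all
 permit udp any eq bootpc any eq bootps
 remark Name resolution only to our own DNS server, never to "any"
 permit udp 192.168.50.0 0.0.0.255 host 10.0.0.53 eq domain
 permit tcp 192.168.50.0 0.0.0.255 host 10.0.0.53 eq domain
 remark IPsec to the VPN server only: IKE (udp/500), NAT-T (udp/4500), ESP
 permit udp 192.168.50.0 0.0.0.255 host 10.0.0.1 eq isakmp
 permit udp 192.168.50.0 0.0.0.255 host 10.0.0.1 eq 4500
 permit esp 192.168.50.0 0.0.0.255 host 10.0.0.1
 remark Anything else coming in from the open wireless is dropped and logged
 deny   ip any any log
!
interface FastEthernet0/1
 description Open wireless segment (the APs plug in here)
 ip address 192.168.50.1 255.255.255.0
 ip access-group WIRELESS-IN in
```

With this in place an unauthenticated wireless client can reach exactly two internal hosts, the resolver and the VPN server, and nothing else; note that a guest with no VPN account therefore gets no internet access at all, which is the trade-off Denny's first option carries. `show ip access-lists WIRELESS-IN` shows per-entry match counters, so it is easy to see whether the final deny line is catching anything the VPN clients actually need.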
 
Denny,

Thanks for responding.

Yes, it's a tricky scenario because on one hand we want to have our sales force connected just by walking in the door (they can all be pre-configured with WEP or WPA), but we also need a way for non-company employees to access the internet while visiting, but not necessarily our servers. This has to be done in a fairly secure manner, but not so much as to cause a major administrative problem.

Your first scenario sounds interesting. Our VPN is actually hardware-based and integrated into our firewall as well, so I wonder if our hardware will support that type of config.

Your second option sounds more expensive.

Anyway, it gives me a starting point to think from.

Thanks

Kevin
 
I would lean towards mrDenny's suggestion. Keep the untrusted away from the core of your network. Depending on your infrastructure, there are security products/wireless products that can accommodate this.
The first question I would ask management is "How much is the data worth? How long can we afford to be down?".

Rick Harris
SC Dept of Motor Vehicles
Network Operations
 
It's not so difficult to get that working. You can work with different VLANs. For example VLAN 10 for guests, SSID guest, and VLAN 20 for your employees, where you use LEAP or authentication. You can route VLAN 10 totally separately from the other VLAN(s).
I use this often, but then with a management VLAN and user VLAN on Cisco AP1200s.

CCNA, CCNP..partly ;)
 
MTandSAV,

I'd like to hear more about the technology as I'm not up to speed on VLANs and wireless tech. Our reseller has recommended using a Cisco Aironet 1200.

How does the wireless AP work as far as roaming to other APs? This is also a requirement from management.

Kevin

 
These AP1200s can run Cisco's IOS, same as the switches for example, so that works perfectly. Your PC associates with the SSID given in; whether that SSID is linked to VLAN 5, 10 or 100 is transparent, so it doesn't matter, but you need to configure the switches behind it as well. Just make sure your management VLAN on the AP is the same as it is on the switches.
The NIC in your PC usually takes the AP with the strongest link, so for roaming it works well, although you need to have the APs in the same network of course. A good site survey is pretty important. If you just add a bunch of APs it might bring down the performance.
Let me know if you have any specific questions.


CCNA, CCNP..partly ;)
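The SSID-to-VLAN mapping MTandSAV describes, as an added example for an AP1200 running IOS, together with the matching trunk port on the switch and the gateway of the guest VLAN (this is not from the thread or from Cisco's documentation; the VLAN numbers, addresses, interface names, the RADIUS server and the shared secret are assumptions, and a 3Com switch that supports 802.1Q trunking would need the equivalent of the same trunk configuration in its own syntax):

```cisco
! Added example. Assumptions: VLAN 1 = AP management (native), VLAN 10 = guests,
! VLAN 20 = employees, RADIUS server at 10.0.0.10, WPA with EAP on the employee SSID.
!
! --- Access point (Aironet 1200, IOS) ---
aaa new-model
aaa authentication login eap_methods group radius
radius-server host 10.0.0.10 auth-port 1812 acct-port 1813 key RADIUS-SECRET-HERE
!
dot11 ssid guest
   vlan 10
   authentication open
   guest-mode
!
dot11 ssid corp
   vlan 20
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
!
interface Dot11Radio0
 no ip address
 encryption vlan 20 mode ciphers tkip
 ssid corp
 ssid guest
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface FastEthernet0
 no ip address
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface FastEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface BVI1
 description AP management address, reachable on native VLAN 1 only
 ip address 10.0.0.21 255.255.255.0
!
! --- Switch port the AP plugs into (Cisco Catalyst syntax) ---
interface FastEthernet0/12
 description Trunk to AP1200: management native, guest and employee tagged
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
!
! --- Router subinterface that is the guest VLAN's gateway ---
! Guests get DHCP and the internet, but nothing in the internal 10.0.0.0/8.
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group GUEST-IN in
```

The guest SSID is deliberately unencrypted, so treat VLAN 10 as hostile: the access list on its gateway, not the AP, is what makes "route VLAN 10 totally separately" true. For roaming, every AP carries the same two SSIDs mapped to the same VLAN IDs and is trunked the same way, so a client that re-associates to a stronger AP keeps its VLAN and its IP address; `show dot11 associations` on each AP lists which clients it currently holds.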
 
MTandSAV,

Okay, I'm a little confused. I don't know what a VLAN is or know much about Cisco and their technology. We don't currently have Cisco switches as we're using 3Com's. Does that mean we'd also have to buy a Cisco switch? We haven't gone through with ordering the 1200s yet until I can learn more about wireless technology (and Cisco) and come up with a plan that will work.

Maybe if you could give me some of the basics I could understand a bit more ?

Thanks

Kevin

 