cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11310
Views
0
Helpful
17
Replies

Need to setup Public Wifi without a password AP1142AG

dradunsky
Level 1
Level 1

Good Morning,

I am trying to set up Public wifi on my three AP1142AG WAPs.  They are configured for WDS and VLAN 1 is our corporate network.  VLAN 2 is the public network.  All this works just fine.

What I need to do is make the Public WiFi available without a password.  (Yes, I know that this is not a recommended or even smart idea.  But, the client (a City) is adamant.)

Failing a NO PASSWORD scenario is there a way to make the password short (3 or 4 characters at most).

Thanks for the help.

David Radunsky

6 Accepted Solutions

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

Well autonomous AP's don't have a guest portal page.  You would need to have a WLC if you wanted to do what you mentioned.  You might look at some 3rd party hotspot software that is built for guest portal access.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

There are free guest portals you might consider..

http://www.untangle.com/store/captive-portal.html

You can provide the customer the software for free and upcharge on the installation.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

so let's backup here.

The only requirement you have stated is a free public wifi with no password.  This is doable on an aIOS AP.  Just remove the WPA/TKIP settings.  no encryption, no PSK.  done.

Now, if the city wants some sort of AUP, that is a different story.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

Scott Fella
Hall of Fame
Hall of Fame

What we are trying to say is you shouldn't use a psk for guest. You should look at something that has a guest portal. So open authentication to a guest portal.

Makes sense?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Let start all over ..

1. What is your business need for the GUEST network

     A. Do you require it to be open with no security

     B. Do you require a password on the guest network

     C. Do you require a guest welcome page

     D. Do you need to apply some time of security to the guest wireless

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

Well the term "open" is used to mean unencrypted for almost all folks. However "open" authentication has other meanings in 802.11 talk. But that's a different discussion.

Having an open network isnt really a bad thing, so long as you block the correct content. It is crazy they dont want a AUP so the folks know what they are connected to with terms and conditions. But you cant have a encryted network UNLESS you deploy a PSK key or some other time of advanced security like 802.1X. Which adds to tyhe hassle for guest. Lets face it .. You would have to advertise the PSK key and most folks wouldnt know what to do with it anyway.

Sounds to me .. create a open network. Apply your qos and fw rules.

if you find any of this helpful . if you dont mind support the rating system.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

17 Replies 17

Scott Fella
Hall of Fame
Hall of Fame

Well autonomous AP's don't have a guest portal page.  You would need to have a WLC if you wanted to do what you mentioned.  You might look at some 3rd party hotspot software that is built for guest portal access.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott,

Thank you for the prompt reply.  I was aftraid that was the answer.

The client is not interested (read did not budget) for new APs.  So I guess some password will be the answer.

Possibly something shorter than the 14 characters required by WPA.

Thanks, again!

There are free guest portals you might consider..

http://www.untangle.com/store/captive-portal.html

You can provide the customer the software for free and upcharge on the installation.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Scott Fella
Hall of Fame
Hall of Fame

Well I guess you can do that but now they will have to support guest user. Like I mentioned, look at some 3rd party software or some open source as that would be the best way to handle it. Using wpa psk isn't really making it a nice easy way to access a guest network.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

dradunsky
Level 1
Level 1

Scott / George,

Thank you both.  However, I don't see how a 3rd party app would be of help.  They can't connect to the AP unless they have the wpa key, so how do they get to the third party application.

Am I missing something?

Thanks, again and again.

so let's backup here.

The only requirement you have stated is a free public wifi with no password.  This is doable on an aIOS AP.  Just remove the WPA/TKIP settings.  no encryption, no PSK.  done.

Now, if the city wants some sort of AUP, that is a different story.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Steve,

Let me be sure I understand.  You said:

The only requirement you have stated is a free public wifi with no  password.  ->That is correct.

This is doable on an aIOS AP.  Just remove the WPA/TKIP  settings.  ->  So this allows any user to connect?

no encryption, no PSK.  ->  Does this then mean that the transmission between wap and client are not encrypted?

Thanks.

Scott Fella
Hall of Fame
Hall of Fame

What we are trying to say is you shouldn't use a psk for guest. You should look at something that has a guest portal. So open authentication to a guest portal.

Makes sense?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott,

Possibly.  I am apprently a bit out of my depth with the whole authentication thing.

When you say "open authentication against a port" would that analgous to using RADIUS server for VPN connections on a firewall?

So how do they connect to the Authentication server without a wireless connection?  Or is the connection established UNTIL they fail to authenticate?

Thanks.

dradunsky
Level 1
Level 1

PS. I'm new.  How do I assign points?

Thanks.

Let start all over ..

1. What is your business need for the GUEST network

     A. Do you require it to be open with no security

     B. Do you require a password on the guest network

     C. Do you require a guest welcome page

     D. Do you need to apply some time of security to the guest wireless

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George,

Sorry to be confusing the issue.

1. What is your business need for the GUEST network ->  Public access wifi while users are in Town Hall.  The Town

                    just wants to provide wireless with no strings attached.  (Yes, that is scary.)  My firewall will be doing

                    minor web filtering to keep porn out of Town Hall (at least I got them to agree to that.)

     A. Do you require it to be open with no security  ->  I would prefer that the communication between device and

                    WAP were encrypted to avoid eavesdropping, is that what you mean by security?

     B. Do you require a password on the guest network  -> No

     C. Do you require a guest welcome page  ->  No 

     D. Do you need to apply some time of security to the guest wireless  -> Security?  Other than encrypted

                    transmission, no.  Is this the same as A?

Thanks again.

Ok, if you require the wireless connection between the guest and access point you do need PSK or some advance encryption like 802.1X. But either will require the guest user to add a PSK key or password. Not very guest friendly.

Here is what I might suggest ..

1. Open network (the purpose of the guest network is to be open and easy)

2. Apply your firewall rules to keep from accessing certain things

3. Consider a guest portal page (like the one I mentioned). This way people have to "accept" terms and conditions.

4. Apply bandwidth restrictions so guest don't eat up your pipe

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George,

Thank you! 

So should I understand an "Open wireless" to be un-encrypted?

     Am I crazy to think that this is a bad idea, or just paranoid?

2 and 3 are good suggestions.  In all Towns that we manage public wifi there is an AUP page and acceptance.  But these folks don't want to be seen as censors, so they just the old "go for it".

4, I hadn't thought of but that is a mighty good idea. 

Thank you again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: