11-14-2004 10:44 AM - edited 07-04-2021 10:09 AM
Has anyone set up a wireless network with two SSIDs to work the following way: The first SSID is for employees only. The second is for guests. All APs authenticate MAC addresses from an ACS. The AP assign the proper VLAN for each type of user. The employees have full access, and guest have Internet only access. How does one prevent a guest from accessing the "private" network? Lets say a guest figures out what the "employee only" SSID is, and changes his SSID. This would give him access to the "private" network. Where would I configure(the AP or ACS) the restrictions so as if you are not in the list of employee mac-addresses, then you will not authenticate with the employee only SSID? Any help will be greatly appreciated.
11-14-2004 11:26 AM
If a guest figures out what the "employee only" SSID is, no problem. He needs to know and uses in his NIC an correct MAC addresses you have registered. Besides that, he needs login on your network. A strong authentication method like PEAP can be used
so that employees have a certificate and guest hasn't.
Prevent a guest from accessing the private network is a network issue. The private VLAN is routed to your network and the guest VLAN isn't.
Carlos
11-16-2004 05:54 PM
I do not suggest MAC authentication because it takes a hacker 10 seconds to figure out MAC authentication. If you insist on MAC authentication, you can do the followings:
1. Go to the GUI, click on "SECURITY" and "SSID Manager"
2. Select the SSID and choose "Open" "With MAC"
3. Click on "Advanced Security". You can choose "Local List Only" or "Authentication Server Only"
4. If you choose "Local List Only", you can define the MAC address in the "Advanced Security" Window. The limitation is 50 MAC addresses.
If you insist to use MAC authentication, I suggest you to use static WEP. At least, you encrypt data; so that hackers do not pick up data over the wireless media. Of course, I suggest you to implement one of the 802.1x types.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide