Our company is having a conference at a hotel and I've been asked to see if there is an easy way to extend and broadcast our company's WiFi in the conference room at the hotel. I've heard of that, but have never set it up or anything. Anyone ever do that or provide insight on what all is needed from both the hotel side and my side to get that up and running? We do a Flex Connect for all APs currently.
If your controller is reachable over the internet, you just need an internet connection for your APs to connect to your controller, then it's just like any other office.
If your controller is only reachable over corporate network, then set up a router to extend the corporate network to the conference room and plug your APs into that.
It goes without saying that the corporate wireless network should be secure before you expose it in a public environment like that because anyone in range of the WiFi could try to connect.
Maybe you should suggest a more secure (zero trust) approach - same as what most people use for working from home these days. Users connect to public/hotel WiFi then VPN into corporate network as required. That way you don't need to deploy anything.
Thanks for all of the suggestions. I had an idea of what the correct solution would be, but with short time, was looking for something else. The correct solution is to reach out to your ISP a couple months in advance, have them drop a temp circuit for the event. Terminate that circuit into a router, sub-interface and connect switch with applicable VLANs and then install FLEX AP. I was just notified about a meeting in 2 weeks so hands are a bit tied as to what I can do.
I have been looking at Zero Trust, but it is not all that it is cracked up to be. I've read several forums, demos, Gartner reviews and even a couple of cloud FW solution providers and get the same message. Cloud hosted FW solutions that speak of Zero Trust are really good at East-West traffic which is awesome, but if you have a production environment in which some of the resources must remain on-prem, the solution providers have communicated that they are not the best for North-South traffic. Also, monetarily, at least to me, it doesn't make much sense. You have to have an onsite router/L3 switch to terminate the circuit, you must have some type of on-prem FW, even if it is basic. The circuit would come in, hit the on-prem network infrastructure, be routed back out to the cloud to be processed/filtered by the Cloud FW and then routed in part back to the site. That's the way I have understood it. It's been difficult to sell the company on this type of design and cost.
Maybe you've been reading a hard and fast definition of zero trust but essentially it means your devices (laptops) are secure so they can be safely used on "untrusted" networks like public WiFi and your services, wherever they are - internet or corporate network - are independently authenticated and authorised per user (trust nobody, authenticate and authorise everybody) so it throws out the concept of trusting a user just because they are inside a corporate/border firewall. Firewalls are there to enforce traffic flows but don't authenticate and authorise users for applications. You still have firewalls there to keep the baddies out of your network (as much as possible) but you assume they can find their way past the firewall and therefore protect each application/device/server. This is the principle used for thousands of global companies to allow staff to Work From Home - or anywhere that has an internet connection. It's defence in depth - security at every layer - not relying entirely on any single component. Usually combined with comprehensive detection so when (not if) the security is penetrated you can detect and respond to it/contain it promptly. If your company already supports WFH then why not just use that with conference venue WiFi?