- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 07:58 AM - edited 07-03-2021 11:24 PM
Good Morning,
I am trying to set up Public wifi on my three AP1142AG WAPs. They are configured for WDS and VLAN 1 is our corporate network. VLAN 2 is the public network. All this works just fine.
What I need to do is make the Public WiFi available without a password. (Yes, I know that this is not a recommended or even smart idea. But, the client (a City) is adamant.)
Failing a NO PASSWORD scenario is there a way to make the password short (3 or 4 characters at most).
Thanks for the help.
David Radunsky
Solved! Go to Solution.
- Labels:
-
Other Wireless Topics
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 08:03 AM
Well autonomous AP's don't have a guest portal page. You would need to have a WLC if you wanted to do what you mentioned. You might look at some 3rd party hotspot software that is built for guest portal access.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
*** Please rate helpful posts ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 08:51 AM
There are free guest portals you might consider..
http://www.untangle.com/store/captive-portal.html
You can provide the customer the software for free and upcharge on the installation.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
___________________________________________________________

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:28 AM
so let's backup here.
The only requirement you have stated is a free public wifi with no password. This is doable on an aIOS AP. Just remove the WPA/TKIP settings. no encryption, no PSK. done.
Now, if the city wants some sort of AUP, that is a different story.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:29 AM
What we are trying to say is you shouldn't use a psk for guest. You should look at something that has a guest portal. So open authentication to a guest portal.
Makes sense?
Sent from Cisco Technical Support iPhone App
*** Please rate helpful posts ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:02 AM
Let start all over ..
1. What is your business need for the GUEST network
A. Do you require it to be open with no security
B. Do you require a password on the guest network
C. Do you require a guest welcome page
D. Do you need to apply some time of security to the guest wireless
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
___________________________________________________________
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:58 AM
Well the term "open" is used to mean unencrypted for almost all folks. However "open" authentication has other meanings in 802.11 talk. But that's a different discussion.
Having an open network isnt really a bad thing, so long as you block the correct content. It is crazy they dont want a AUP so the folks know what they are connected to with terms and conditions. But you cant have a encryted network UNLESS you deploy a PSK key or some other time of advanced security like 802.1X. Which adds to tyhe hassle for guest. Lets face it .. You would have to advertise the PSK key and most folks wouldnt know what to do with it anyway.
Sounds to me .. create a open network. Apply your qos and fw rules.
if you find any of this helpful . if you dont mind support the rating system.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
___________________________________________________________
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 08:03 AM
Well autonomous AP's don't have a guest portal page. You would need to have a WLC if you wanted to do what you mentioned. You might look at some 3rd party hotspot software that is built for guest portal access.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
*** Please rate helpful posts ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 08:46 AM
Scott,
Thank you for the prompt reply. I was aftraid that was the answer.
The client is not interested (read did not budget) for new APs. So I guess some password will be the answer.
Possibly something shorter than the 14 characters required by WPA.
Thanks, again!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 08:51 AM
There are free guest portals you might consider..
http://www.untangle.com/store/captive-portal.html
You can provide the customer the software for free and upcharge on the installation.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
___________________________________________________________
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 08:51 AM
Well I guess you can do that but now they will have to support guest user. Like I mentioned, look at some 3rd party software or some open source as that would be the best way to handle it. Using wpa psk isn't really making it a nice easy way to access a guest network.
Sent from Cisco Technical Support iPhone App
*** Please rate helpful posts ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:25 AM
Scott / George,
Thank you both. However, I don't see how a 3rd party app would be of help. They can't connect to the AP unless they have the wpa key, so how do they get to the third party application.
Am I missing something?
Thanks, again and again.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:28 AM
so let's backup here.
The only requirement you have stated is a free public wifi with no password. This is doable on an aIOS AP. Just remove the WPA/TKIP settings. no encryption, no PSK. done.
Now, if the city wants some sort of AUP, that is a different story.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:33 AM
Steve,
Let me be sure I understand. You said:
The only requirement you have stated is a free public wifi with no password. ->That is correct.
This is doable on an aIOS AP. Just remove the WPA/TKIP settings. -> So this allows any user to connect?
no encryption, no PSK. -> Does this then mean that the transmission between wap and client are not encrypted?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:29 AM
What we are trying to say is you shouldn't use a psk for guest. You should look at something that has a guest portal. So open authentication to a guest portal.
Makes sense?
Sent from Cisco Technical Support iPhone App
*** Please rate helpful posts ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:36 AM
Scott,
Possibly. I am apprently a bit out of my depth with the whole authentication thing.
When you say "open authentication against a port" would that analgous to using RADIUS server for VPN connections on a firewall?
So how do they connect to the Authentication server without a wireless connection? Or is the connection established UNTIL they fail to authenticate?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 09:37 AM
PS. I'm new. How do I assign points?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:02 AM
Let start all over ..
1. What is your business need for the GUEST network
A. Do you require it to be open with no security
B. Do you require a password on the guest network
C. Do you require a guest welcome page
D. Do you need to apply some time of security to the guest wireless
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
___________________________________________________________
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:13 AM
George,
Sorry to be confusing the issue.
1. What is your business need for the GUEST network -> Public access wifi while users are in Town Hall. The Town
just wants to provide wireless with no strings attached. (Yes, that is scary.) My firewall will be doing
minor web filtering to keep porn out of Town Hall (at least I got them to agree to that.)
A. Do you require it to be open with no security -> I would prefer that the communication between device and
WAP were encrypted to avoid eavesdropping, is that what you mean by security?
B. Do you require a password on the guest network -> No
C. Do you require a guest welcome page -> No
D. Do you need to apply some time of security to the guest wireless -> Security? Other than encrypted
transmission, no. Is this the same as A?
Thanks again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:39 AM
Ok, if you require the wireless connection between the guest and access point you do need PSK or some advance encryption like 802.1X. But either will require the guest user to add a PSK key or password. Not very guest friendly.
Here is what I might suggest ..
1. Open network (the purpose of the guest network is to be open and easy)
2. Apply your firewall rules to keep from accessing certain things
3. Consider a guest portal page (like the one I mentioned). This way people have to "accept" terms and conditions.
4. Apply bandwidth restrictions so guest don't eat up your pipe
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
___________________________________________________________
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2013 10:50 AM
George,
Thank you!
So should I understand an "Open wireless" to be un-encrypted?
Am I crazy to think that this is a bad idea, or just paranoid?
2 and 3 are good suggestions. In all Towns that we manage public wifi there is an AUP page and acceptance. But these folks don't want to be seen as censors, so they just the old "go for it".
4, I hadn't thought of but that is a mighty good idea.
Thank you again.
