cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
626
Views
9
Helpful
7
Replies

Protect Company WiFi from private hotspots with massive interference

Mario S
Level 1
Level 1

We manage a large building with a spacious indoor area where optimizing channel distribution and adjusting transmission power for optimal coverage is quite intricate. Currently, all clients operate on the 5 GHz frequency.

We've observed a significant uptick in the usage of private hotspots lately. This surge may stem from users experiencing sluggish Wi-Fi speeds, as well as the oversight of leaving hotspots active upon entering the building after outdoor use for various reasons. Whether utilized by guests or internal personnel, these hotspots contribute to increased interference and a general decline in Wi-Fi performance. Moreover, this situation triggers the activation of additional hotspots due to the perceived poor Wi-Fi signal. Consequently, it sets off a chain reaction, leading to a domino effect.

We're seeking technical solutions to mitigate or proactively prevent the use of these hotspots. Traditional methods such as communications and rules have proven ineffective in addressing this issue.

We have access to Cisco DNA Center, 98xx, WLC, AIR 9130, and AIR 4800. Any insights or suggestions would be greatly appreciated.

7 Replies 7

marce1000
VIP
VIP

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/managing-rogue-devices.html
       One basic action could be to increase RSSI detection levels for rogues ; besides containment which is not always legal 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

JPavonM
VIP
VIP

First advice, do not take any countermeasure agains them to block them as this is not legal in most of the countries and you could be fined. (check FCC (https://www.fcc.gov/general/jammer-enforcement#:~:text=Section%20333%20%2D%20prohibits%20willful%20or,sanctions%20including%20imprisonment%20(47%20U.S.C.) and OFCOM (https://www.ofcom.org.uk/spectrum/rules))

The only option here is to educate people OR, as normally hotspots do not operate on DFS channels, as most vendors do not allow you to select the channel (if using smartphones), this open a possible solution for you to configure DFS channels only in your WLAN infrastructure.

JPavonM
VIP
VIP

By the way, do you know you can prevent Windows and Macs from connecting to other hostspots? If your company manage the laptops (and if tablets and phones are managed with a MDM solution) the best option would be to install a policy to allow wireless connections ONLY to the corporate SSID. If you company do not do that, this is maybe a good time to start doing it.

Another option could be to use special vynils in the windows to reduce external LTE signal inside thus reducing the link quality and data transmission speed, and making users to stop creating hotspots if they see this is not a good option to increase the speed.

Hi JPavonM
My company manage the laptops and so on. Prevent the Laptops from using the hotspot connection is not a good idea. Some colleagues work on buses and trains. This policy would hinder the work.
Is it possible to prevent the use of the Hotspot only in the buildings of the company?

Rich R
VIP
VIP

To add to the warnings about containment.  While it is generally illegal there are specific circumstances where you may be able to use it.  If everything and everyone in the building is subject to company policy you could make it a company policy and then enforce it - check with your HR & legal teams with respect to local regulations.  You'd also have to make sure (somehow) that there was no risk of containing devices belonging to any of your neighbours or outside the building because that would definitely be illegal regardless of company policy.

Some organisations make it a disciplinary offence (security policy) and then have teams roaming the building regularly looking for offenders.  Once people have got a formal warning for using a personal hotspot they will think twice in future and make sure they disable theirs on entering the building.  Obviously visitors will need to be told on entry and you're more limited in what you can do if they ignore you.

The other reason you might find people doing that is with an overzealous filtering policy.  If you block things people need/use for their work it's usually easier to setup their own access than get the corporate blocking updated.

Leo Laohoo
Hall of Fame
Hall of Fame

Understand why people resort to using their phones as a hotspot.  

1.  Not enough WiFi coverage

2.  Usage restriction(s) such as, deliberate throttling of WiFi speed slower than a hotspot, WiFi usage is only for a few and others are left to fend for themselves and "Big Brother" effect, are the most common reasons.  

5.0 Ghz have plenty of channels to use (compared to 2.4 Ghz).  Exactly, how big is the channel width used in this environment?  Is it set to 80- or 160 Mhz?

Thanks for your Comments.
The channel width is 40 MHz. Inside of the Building are some terraces in a complex arrangement. 10 platforms with hundreds of employees.

Review Cisco Networking for a $25 gift card