wireless guest-net IP before login

ppellettiere
Level 1

We have a wireless guest net and we broadcast it throughout our hospital. The problem is with all the iPads, iPhones, Androids and such roaming around the hospital we are using all of our Class C IP addresses. Is there a way to set up the WISM to keep the clients from getting an IP before the client logs in?

3 Accepted Solutions


George Stefanick
VIP Alumni

Yeah, I feel your pain ... We have 2000 guests daily here at our hospital and as you know people just walking by with wifi devices will get an IP.

One way -- Don't broadcast your SSID. Clients would need to manually join your network and then get an IP.

No other way around it in an open "hot spot" easy to access kinda way.

I'm sure that's not what you wanted to hear ...

edit: Another way is to open a much larger scope. We have a /21 here and it works fine. We show as many as 3000 scopes out but normally only have 500 - 2000 users AT MAX ... We also shorten the DHCP scopes to 3 hours.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________


Stephen Rodriguez
Cisco Employee

Unfortunately no, not by default anyway.

Best way to deal with this is short lease timers, say an hour or two, depending on trends you are seeing in your network.

Possibly you could use ISE to identify the type of device and push it to a different VLAN, but if the WLAN is open, anything can attach, and get an IP address.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


daviwatk
Level 3

Lowering the DHCP lease times, as mentioned previously, is probably the best manageable mitigation. You may also consider changing your SSID to something other than a generic name such as "Guest" or "Default", etc., assuming that is the case currently. Some client devices will be attracted to generic SSIDs and initiate a connect attempt without user interaction.

If neither of these options are feasible or remedy the issue, your only recourse would be to expand the lease range/network size of this guest network.


6 Replies

I would prefer to stop broadcasting the SSID but I don't think management would want to make it so that a user needs to set up the SSID on their device. Especially the doctors who use it...

So lower lease times and expand the IP scope.

Thanks for the help!

thomas03usmcsf
Level 1

You could also give your clients private IP addresses and then NAT them. This would enable you to have much bigger networks for guest clients.

Sent from Cisco Technical Support iPhone App
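
The two mitigations discussed in this thread, shorter DHCP leases and a larger scope, can be sized against each other before changing anything. The following is an added example, not code from any poster or from Cisco: the function names, the 10.0.0.0 scopes and the traffic pattern are constructed assumptions, and it models the worst case where an address stays bound for a full lease after the device was last seen.

```python
import ipaddress

def usable_hosts(cidr):
    """Addresses a DHCP scope can hand out (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr).num_addresses - 2

def peak_leases(sessions, lease_s):
    """Peak number of addresses held at once.

    sessions: (first_seen, last_seen) in seconds per client. Assumption: a
    client renews while present and never sends DHCPRELEASE, so its address
    stays bound until last_seen + lease_s (the upper bound).
    """
    events = []
    for first, last in sessions:
        events.append((first, 1))
        events.append((last + lease_s, -1))
    held = peak = 0
    for _, delta in sorted(events):   # at equal times, expiries (-1) sort first
        held += delta
        peak = max(peak, held)
    return peak

def constructed_day():
    """Constructed sample: 10 busy hours on an open guest SSID."""
    walk_by = [(30 * i, 30 * i + 120) for i in range(1200)]  # 2 min in range
    staying = [(0, 36000)] * 150                             # real guest users
    return walk_by + staying

def report(sessions, leases_s=(86400, 10800, 3600, 1800),
           scopes=("10.0.0.0/24", "10.0.0.0/21")):
    """For each lease time: (lease, peak leases, {scope: fits?})."""
    rows = []
    for lease in leases_s:
        peak = peak_leases(sessions, lease)
        rows.append((lease, peak, {s: peak <= usable_hosts(s) for s in scopes}))
    return rows

if __name__ == "__main__":
    for lease, peak, fits in report(constructed_day()):
        print(f"lease {lease / 3600:>4.1f} h  peak {peak:>5}  fits: {fits}")
```

With this constructed load, only the 30-minute lease fits a /24, while every lease time fits a /21; feeding in real association timestamps from the controller gives the figure for a specific site.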
