I've recently hit a snag in our deployment of a campus wide wireless network.
Our network it laid out such that our proxy servers hand out 172.16.xx.xx numbers to everyone. So anyone who plugs in to an outlet can put in their user name and password to access the internet (if they have group permissions). I've also set aside a small bank of eight 192.168.xx.xx numbers which we use for some of the accountants who come in annually, I just hardkey in the specific IP and bypass our proxy servers so that they dont need credentials on our network for internet access(and couldn't access network resources if they tried)
For our wireless network we're using cisco 1130 access points which support multiple ssid, vlans, and IP forwarding. they're great (albeit expensive) pieces of hardware capable of much more than we use them for.
I'm looking for a way to allow guests to come in, connect to a "visitors" ssid, and get internet without letting them access our network resources or leaving it open so that our employee's can use the guest account to bypass our security software.
In my opinion, the only way to accomplish this would be through a "portal", setup a server and when a visitor is coming make an account like (login=companyname password=month) then have the server doll out the 192.168.xx.xx numbers via dhcp
does this make sense? does anyone have any good software recommendations? is there another way to do this without the portal hassle?
Our network it laid out such that our proxy servers hand out 172.16.xx.xx numbers to everyone. So anyone who plugs in to an outlet can put in their user name and password to access the internet (if they have group permissions). I've also set aside a small bank of eight 192.168.xx.xx numbers which we use for some of the accountants who come in annually, I just hardkey in the specific IP and bypass our proxy servers so that they dont need credentials on our network for internet access(and couldn't access network resources if they tried)
For our wireless network we're using cisco 1130 access points which support multiple ssid, vlans, and IP forwarding. they're great (albeit expensive) pieces of hardware capable of much more than we use them for.
I'm looking for a way to allow guests to come in, connect to a "visitors" ssid, and get internet without letting them access our network resources or leaving it open so that our employee's can use the guest account to bypass our security software.
In my opinion, the only way to accomplish this would be through a "portal", setup a server and when a visitor is coming make an account like (login=companyname password=month) then have the server doll out the 192.168.xx.xx numbers via dhcp
does this make sense? does anyone have any good software recommendations? is there another way to do this without the portal hassle?