Q

Simultaneous intranet and visitor access

How do I share a single AP between employees (to access their intranet) and visitors (to access the Internet)?
One method of supporting simultaneous Intranet and visitor access is to compartmentalize users by SSID. Using an AP that supports multiple SSIDs, define SSID#1 for open system mode (guest access) and SSID#2 for secure mode (employee access). Map each SSID to a different VLAN, and use VLAN switching to ensure that guest traffic goes only to/from the Internet, while employee traffic can also flow to/from your intranet.

However, VLANs really aren't a substitute for firewalls. Many organizations use some type of firewall, WLAN gateway, or WLAN switch to control wireless network access. For example, a WLAN gateway from Bluesocket or Vernier can require every user to log in to reach the network on the far side of the gateway. Visitors can be granted access to the Internet and selected applications/ports, while authenticated users (employees) can be granted...

access to additional destinations and applications in accordance with group or user level policies. In this configuration, you can still have separate SSIDs to apply different airlink security policies, or you could have one common SSID and use VPN tunnels to secure employee traffic over the air.

This was first published in March 2004

Dig deeper on Managing Wireless Networks

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchConsumerization

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close