Problem solve Get help with specific problems with your technologies, process and projects.

Simultaneous intranet and visitor access

How do I share a single AP between employees (to access their intranet) and visitors (to access the Internet)?
One method of supporting simultaneous Intranet and visitor access is to compartmentalize users by SSID. Using an AP that supports multiple SSIDs, define SSID#1 for open system mode (guest access) and SSID#2 for secure mode (employee access). Map each SSID to a different VLAN, and use VLAN switching to ensure that guest traffic goes only to/from the Internet, while employee traffic can also flow to/from your intranet.

However, VLANs really aren't a substitute for firewalls. Many organizations use some type of firewall, WLAN gateway, or WLAN switch to control wireless network access. For example, a WLAN gateway from Bluesocket or Vernier can require every user to log in to reach the network on the far side of the gateway. Visitors can be granted access to the Internet and selected applications/ports, while authenticated users (employees) can be granted access to additional destinations and applications in accordance with group or user level policies. In this configuration, you can still have separate SSIDs to apply different airlink security policies, or you could have one common SSID and use VPN tunnels to secure employee traffic over the air.

Dig Deeper on Mobile networking

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.