We have been looking at the same issue. We haven't rolled out the changes yet, but here's what we've done.
We have created a separate SSID on our wireless controllers for Guest Access. It puts all Guests in a specific VLAN and we have enabled mandatory Guest Registration which gets you a 12 hour token and access to 80 and 443 only. On our Authenticated Network, we will be removing Guest Access completely. We are aiming to be both Calea and VITA compliant while allowing Guest Access in our environment. Deb Deborah Hovey Boutchyard Director- Network & Communication Services University of Mary Washington (540)654-1217 From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of King, Ronald A. Sent: Friday, October 15, 2010 1:57 PM To: [email protected] Subject: Guest Wireless Is anyone using NAC in any type of role with guest wireless access? We have wide open access now but need to revamp it. Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 700 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: [email protected]<mailto:[email protected]> http://security.nsu.edu
