Uh, some questions:

How did you set this up so it doesn't interfere with your production
wireless network, assuming you have one? By this, I mean mostly to ask
if you did a site survey so that your guest WAPs don't have
overlapping frequencies with your production WAPs.

What security, if any, do you have set up on this guest network? Does
it have a different SSID than your production network?

When I did this, I set up a second SSID on our Cisco WAPs, and
assigned that SSID to an L2 VLAN with no access to the production
network, and terminated it on our firewall. I made it a completely
open SSID - no auth. This might change in the future. To achieve this,
I put up a tiny FreeBSD box running DHCP and limited the number of
addresses it would hand out.

We're in a relatively isolated building, so I'm OK with this for now,
but I'll probably put up a captive portal on the FreeBSD box at some
point, and specify some set of credentials that must be assigned to
guests to get out.

Kurt

On Tue, Feb 21, 2012 at 09:34, Evan Brastow
<ebras...@automatedemblem.com> wrote:
> Hi all,
>
> I've recently set up a wireless router in the DMZ on our firewall. This will
> allow consultants, salesmen, etc. to have a connection to the Internet
> when they come in, with no connection to our network.
>
> Now, however, in order to take the final step in this process and be sure
> someone can't just plug into a network port, it would seem I need to do one
> of two things:
>
> 1) Stop our DHCP server and give all network devices (less than 50 or so)
> static IPs.
>
> or
>
> 2) Restrict DHCP to only listed MAC addresses.
>
> So, my questions are - which of these two would be easier (does it really
> make much difference?) or is there a third option I don't see?
>
> Thanks, as always :)
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
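
Added illustration, not part of either message and not either poster's configuration: the two DHCP approaches mentioned in the thread (a guest server that hands out only a limited number of addresses, and restricting DHCP to listed MAC addresses) written in ISC dhcpd syntax. ISC dhcpd is an assumption, since the thread does not name the DHCP software, and every subnet, address, MAC and host name below is constructed.

```conf
# Added example in ISC dhcpd.conf syntax (assumed DHCP server).
# All addresses, MACs and host names are constructed for illustration.
# The two subnets are shown in one file for comparison; in the thread
# they are served by two different machines.

authoritative;
default-lease-time 3600;
max-lease-time 7200;

# Guest VLAN: any client may ask, but the pool holds only 20 addresses,
# so the number of simultaneous guests is capped by the range itself.
subnet 192.168.50.0 netmask 255.255.255.0 {
    option routers 192.168.50.1;
    option domain-name-servers 192.168.50.1;
    pool {
        range 192.168.50.100 192.168.50.119;
        allow unknown-clients;
    }
}

# Production LAN: leases go only to clients that have a host declaration.
# A client whose MAC is not listed below gets no offer from this pool.
subnet 10.10.0.0 netmask 255.255.255.0 {
    option routers 10.10.0.1;
    pool {
        range 10.10.0.100 10.10.0.199;
        deny unknown-clients;
    }
}

# "Known" clients: one host entry per permitted MAC address.
host acct-pc-01 {
    hardware ethernet 00:11:22:33:44:55;      # dynamic address from the pool
}
host print-srv {
    hardware ethernet 00:11:22:33:44:66;
    fixed-address 10.10.0.20;                 # reserved address outside the pool
}
```

Restricting leases this way controls only which devices receive an address from the DHCP server; a device configured with a static address never asks the server, so the listing does not by itself control the network port.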