Security

Reply
MVP
Posts: 2,948
Registered: ‎10-25-2011

How to limit internal users to not use the guest network without sponsors.

I have this question of a client, which i bealive is not possible but still ask.

He has in one site  an auto register so anyone can get in the  guest network.   He was asking is there was anyway he can limit that access to real guest and that the internal users cannot use it.  This is because the Guest network has more access to internet than the internal network.  

The thing is that their internal users switch to the guest network to use the guest network but they shouldnt be able to do that.   They do not want to put sponsors...

Maybe if there is any way that to see that if one mac address has  connected  before to the internal network he has no access to  guest network?? something like that? is that possible?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 226
Registered: ‎03-03-2011

Re: How to limit internal users to not use the guest network without sponsors.

You could do something with MAC authentication similar to the below:

 

Add an enforcement profile to your corporate service which adds an attribute to the Endpoint Repository entry identifying the user has been on the corporate service.

Enable MAC authentication on the Guest network SSID.

Add an enforcement or role mapping rule which matches when the Endpoint has the specific attribute set/enabled and applies a Deny Access profile.

 

Please be aware that MAC authentication is not totally secure and anybody determined enough could get around this.

David
ACDX #98 | ACMP | ACCP
MVP
Posts: 2,948
Registered: ‎10-25-2011

Re: How to limit internal users to not use the guest network without sponsors.

Guess this doesnt matter if the controller and the wifi solution is cisco for doing this?

or does it matter?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 226
Registered: ‎03-03-2011

Re: How to limit internal users to not use the guest network without sponsors.

No it shouldn’t matter as long as you can enable MAC authentication on your Guest wireless service which occurs before your current captive portal authentication.

David
ACDX #98 | ACMP | ACCP
MVP
Posts: 2,948
Registered: ‎10-25-2011

Re: How to limit internal users to not use the guest network without sponsors.

We will try that

Thank you!

 

cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: