What is everyone doing to keep employees and their laptops off the guest wireless network?
I spoke with an admin that has Websense to filter employee traffic on employee laptops, but his guest network is completely open. Because employees are restricted from going to websites, they more often than not end up on the guest wireless network to do chatting, check their emails, and go to sites they normally cannot go to.
The customer came up with the idea that he could look for ports and hosts that his company laptops would use to connect to his antivirus servers, and his firewall policies for his guest network would automatically block them and blacklist the user when he sees that traffic. The customer knew that Symantec Antivirus on the desktop used UDP 2967 and would contact the antivirus server at 10.12.13.246, so he created the ACL below to blacklist a user that accessed the host on that port:
ip access-list session "Guest"
  any any "svc-dhcp" permit queue low
  alias "user" any "svc-dns" permit queue low
  alias "user" any "svc-http" permit queue low
  alias "user" any "svc-https" permit queue low
  alias "user" host 10.12.13.246 udp 2967 2967 deny blacklist queue low
What is everybody else using?
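The same fingerprint can be checked offline against flow or firewall logs before turning on blacklisting, to see which guest clients would be caught. This is an added example, not part of the original post: the log format, the guest subnet 192.168.50.0/24 and the sample records are constructed, and only the UDP 2967 / 10.12.13.246 fingerprint comes from the post.

```python
import ipaddress
from collections import defaultdict

# Corporate-only traffic fingerprints: (name, server, protocol, port).
# The Symantec entry is the one from the post; others would be site-specific.
FINGERPRINTS = [("symantec-av", "10.12.13.246", "udp", 2967)]

# Assumed guest client subnet (hypothetical; the post does not give one).
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed sample records: time, client MAC, src IP, dst IP, proto, dst port.
SAMPLE_FLOWS = """\
09:00:01 00:11:22:33:44:55 192.168.50.21 8.8.8.8 udp 53
09:00:02 00:11:22:33:44:55 192.168.50.21 10.12.13.246 udp 2967
09:00:05 66:77:88:99:aa:bb 192.168.50.40 93.184.216.34 tcp 443
09:00:09 66:77:88:99:aa:bb 192.168.50.40 10.12.13.246 tcp 2967
09:01:00 cc:dd:ee:ff:00:11 10.20.0.7 10.12.13.246 udp 2967
malformed line
09:02:10 00:11:22:33:44:55 192.168.50.21 10.12.13.246 udp 2967
"""

def parse_flow(line):
    """Return a flow dict, or None when the line is not a valid record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, mac, src, dst, proto, port = parts
    try:
        return {"ts": ts, "mac": mac.lower(),
                "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
                "proto": proto.lower(), "port": int(port)}
    except ValueError:
        return None

def find_corporate_clients(text, guest_net=GUEST_NET, fingerprints=FINGERPRINTS):
    """Map guest client MAC -> [(time, fingerprint name)] for matching flows."""
    hits = defaultdict(list)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["src"] not in guest_net:
            continue  # skip bad records and clients outside the guest subnet
        for name, server, proto, port in fingerprints:
            if (flow["dst"] == ipaddress.ip_address(server)
                    and flow["proto"] == proto and flow["port"] == port):
                hits[flow["mac"]].append((flow["ts"], name))
    return dict(hits)

if __name__ == "__main__":
    for mac, events in find_corporate_clients(SAMPLE_FLOWS).items():
        print(mac, events)
```

The TCP 2967 flow and the client outside the guest subnet are deliberately not flagged, matching the ACL rule, which only matches UDP 2967 to that host for guest users.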