The Security category/forum would be a candidate for posting such a message, because it is ClearPass. As it is SSID planning, it could fit in Wireless Access as well.
In general, I see different SSIDs for Guest and Employee access, where the Employee SSID has strong security with WPA2/3-Enterprise, 802.1X and EAP-TLS. For the guest, open/PSK (or WPA3 Enhanced Open / SAE) is what I see most deployed.
Captive portals are just annoying for the end-user, which makes them less favourable for employee access. Also, with clients that start randomizing their MAC address over time, MAC Caching is broken for some clients, requiring those employees to switch off MAC randomization, or log in every time their MAC address rotates to a new one. The MAC randomization is only solved by actual user (or device) authentication, and that is most convenient for the end-user with EAP-TLS once their device is configured.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
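The MAC caching problem described in the reply above, as an added example (not part of the original post and not ClearPass code): it flags locally administered addresses, the bit that randomized client MACs set, and counts how often a portal login is needed when the cache is keyed on the MAC. The cache class, the lifetime and all addresses are constructed for illustration.

```python
import re

DAY = 86400  # seconds

def normalize_mac(mac):
    """Accept aa:bb:.., AA-BB-.., aabb.ccdd.eeff or bare hex; return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac):
    """True for a unicast address with the U/L bit (0x02 of the first octet) set.
    Randomized client MACs set this bit; a burned-in vendor address does not."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02) and not first_octet & 0x01

class MacCache:
    """Toy MAC-caching store: a portal login is remembered per MAC until it expires."""
    def __init__(self, lifetime_s):
        self.lifetime_s = lifetime_s
        self.entries = {}

    def remember(self, mac, user, now):
        self.entries[normalize_mac(mac)] = (user, now + self.lifetime_s)

    def lookup(self, mac, now):
        user, expires = self.entries.get(normalize_mac(mac), (None, 0))
        return user if now < expires else None

def portal_logins_needed(connections, lifetime_s):
    """Count portal logins for one device given its (time, mac) connections."""
    cache, logins = MacCache(lifetime_s), 0
    for now, mac in connections:
        if cache.lookup(mac, now) is None:  # unknown or expired MAC: portal again
            logins += 1
            cache.remember(mac, "employee", now)
    return logins

# Constructed sample data: the same device seen on three consecutive days.
STABLE = [(0, "00:11:22:33:44:55"), (DAY, "00-11-22-33-44-55"), (2 * DAY, "0011.2233.4455")]
ROTATING = [(0, "da:a1:19:00:00:01"), (DAY, "5e:10:c4:00:00:02"), (2 * DAY, "a6:7b:33:00:00:03")]

if __name__ == "__main__":
    for name, conns in (("stable", STABLE), ("rotating", ROTATING)):
        flagged = sum(is_locally_administered(m) for _, m in conns)
        print(name, "logins:", portal_logins_needed(conns, 7 * DAY), "randomized MACs:", flagged)
```

Running `is_locally_administered` over an export of endpoint MAC addresses gives an estimate of how many clients a MAC-caching design would affect.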
Original Message:
Sent: Apr 12, 2023 02:31 AM
From: JeffreyMik
Subject: Guest & employee in the same SSID
Yes, we are using ClearPass for captive portal. But what do you recommend instead of using captive portals to let both of the user groups use the internet on the same SSID? Because I can't think of another solution to let two groups on one SSID which cannot be distinguished from each other. (Guests don't need to log in).
I am sorry that I posted this in "Community Feedback", I'm new, and I don't know where else to post it. Can you tell me?
Jeffrey Mik
Original Message:
Sent: Apr 11, 2023 10:41 AM
From: Herman Robers
Subject: Guest & employee in the same SSID
Yes, I think this should work, but why post under Community Feedback?
Do you have ClearPass for your captive portal? Or if not, what other product do you plan to use for that?
I'm not a big fan of captive portals, because the traffic is unencrypted and can relatively simply be snooped/hijacked even with a PSK on it.
------------------------------
Herman Robers
Original Message:
Sent: Apr 11, 2023 07:02 AM
From: JeffreyMik
Subject: Guest & employee in the same SSID
I have a question related to a Guest network solution. I am working on a network that currently has two SSIDs, one for guests and one for employees. These two SSIDs are basically the same: the guest SSID is used to give guests access to the internet and the employee SSID gives employees access to the internet (Employee SSID is used for BYOD devices). We want to make it so that there is only one SSID for both guests and employees. The SSID is used to gain access to the internet and not for the internal network. The problem is that I don't know how to distinguish the two user groups, so that is why I made a design. You can find the design below.
In the picture, there are three colored blocks visible. These blocks represent a captive portal. So there are three captive portals in total.
My intention is that when a user is trying to connect to the SSID, the user gets redirected to the first captive portal (Green in the picture).
At this captive portal, the user needs to make a decision (Guest or Employee). After the user made the decision, he or she gets redirected to another captive portal.
The first portal (Yellow) represents the "Guest login" portal. At this portal, the guest needs to accept the terms and conditions in order to gain internet access.
The second portal (Blue) represents the "Employee login" portal. At this portal, the employee needs to log in using his or her username and password to gain internet access.
The reason I want to use multiple portals is to distinguish the two user groups, because what we want is that guests get less bandwidth and re-authentication time than employees.
Can someone help me and tell me if this is possible to create? And if so, is this the best solution to what we are trying to accomplish?
Kind regards,
Jeffrey Mik