Best solution for providing an open and secure network

By jjf-88 ·
I would like to know how to provide an open and secure network. We have a lot of BYOD devices that come and go every week. Currently users have to register their device before being allowed on the network. I would rather give users the same experience that they have when they visit Starbucks or Barnes & Noble. I don

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

I want to be able to open my network to everyone and keep malware and

by OH Smeg Moderator In reply to Best solution for providi ...

You can have one or the other but not both.

If you open the system then everyone who wants to has access to the Servers and any Files that reside on them.

Places like Starbucks Do Not allow people who use their WiFi access to internal Company Files they just provide a Open WiFi Access Point with a limited ability to search the net.


Collapse -

Make it open for web traffic only

by gechurch In reply to Best solution for providi ...

That's a very open-ended question, but normally you would create a new SSID for guest/untrusted access and use VLANs to keep it separate. You'd generally put a DHCP server on this VLAN (or if you're not big enough to justify it, allow DHCP traffic to pass to that VLAN) and would also open port 80. There are plenty of WiFi devices around that support all the things you typically need to consider - VLAN tagging, enforcing bandwidth and total download limits, blocking things like P2P and porn, requiring acceptance of terms of service before being allowed to connect etc. Also, if you're talking about supporting phones and tablets check out MDM tools. Meraki have a good free one that you can play with to see the sort of features MDM tools support.

You wouldn't allow access to the database from the guest WiFi network. Set up a terminal server or some other way to authenticate first (eg. make it web based and require credentials, or use VPN).

Collapse -

Reponse To Answer

by jjf-88 In reply to Make it open for web traf ...

Thank you gechurch for your response. This is exactly what I was looking for. I wanted to create one SSID for everyone (guests & staff) and allow staff to have access to the database but keep guests and untrusted users off the database. BUT, you made it clear that I will need to have two SSIDs on separate VLANs. I appreciate your time to answer my question.

Related Discussions

Related Forums