Re: Sharing AP - Guest and Internal

In message 
<74fb60700705180051g9fa5a90nfc14585e710f4a05-JsoAwUIsXosN+BqQ9rBEUg@xxxxxxxxxxxxxxxx>,
 
"saudi
 sans" writes:
> Hi
> 
> We are deploying wi-fi network. It will be used by internal users to
> connect to the wired network and also by guests to browse the
> Internet.
> 
> The solution recommended - On all AP, have two SSIDs, one for Internal
> users and other for Guest users . Configure AD login via MS IAS  for
> Internal SSID and simple shared key for Guest SSID.
> 
> For the Guest SSID configure IP filter an configure IP Redirect to
> send all traffic on Port 80/443 to corporate Proxy server. No IP
> filters for the Internal SSID.
> 
> First , is this technically feasible. Second is this secure. Third,
> without additional software/hardware investment is there a way to
> improve security ?

Most APs will only support a single SSID. Using commercially available 
retail devices one can connect them back to back providing WPA/WPA2 level 
security for internal users and open/WEP/WPA/WPA2 access to guests. When 
I'm finished moving my network, it too will be attached to the daisy chain 
of networks of which guests will have access to the outer ring.

Additional hardware is required. I happened to have a spare AP available to 
implement phase one of my plan.


-- 
Cheers,
Cy Schubert <Cy.Schubert-ZPmQ7LUwQ4JWk0Htik3J/w@xxxxxxxxxxxxxxxx>
Web:  http://www.komquats.com and http://www.bcbodybuilder.com
FreeBSD UNIX:  <cy-HZy0K5TPuP5AfugRpC6u6w@xxxxxxxxxxxxxxxx>   Web:  
http://www.FreeBSD.org
BC Government:  <Cy.Schubert-Vf690tDR14r3fQ9qLvQP4Q@xxxxxxxxxxxxxxxx>

    "Lift long enough and I believe arrogance is replaced by
    humility and fear by courage and selfishness by generosity
    and rudeness by compassion and caring."
        -- Dave Draper