Isolate network for guests

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

Sometimes we have guests who either used the wifi or use a wired connection to our network and we usually give it a quick scan before allowing access. This is ok because we usually don't have regular guests that much; in recent weeks there have been more than the usual because of ongoing projects which made me think a little. What is worrying are viruses that could potentially infect the network from guest laptops. What would be a reasonable or good practice to prevent such a thing whilst still allowing guests to use the network?

How do you guys deal with guests using your network? I don't work for a huge company so don't have a big budget

Thanks

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

In our situation (only 60 staff and being a not for profit organization) we have a seperate internet line (1mb ) for guests to connect to via Wifi or certain network ports.

This enables us to keep our network secure as there is absolutely no way of interacting with the machines on our domain.


I'm not sure how viable that is for you, I suppose is also depends on your environment (ie: is Wifi is going to have the range you need?).

 

We have a guest wifi network on an isolated vlan with internet access only. It goes through our main firewall and is restricted from accessing anything internal and vice versa.

 

We have a separated cable line (consumer subscription) which enters our switching environment in a separate VLAN.
The WAN side is terminated at a Visitor Appliance which acts as the gateway for the visitor network.

This is the gateway appliance: Wireless Hotspot Solution

The appliance's LAN side is in another VLAN and there's a ticket printer installed at the reception.
That same VLAN is then forwarded to the trunks of our WLAN controllers and published on a VISITOR SSID.

People that connect to the VISITOR network are forwarded to an authentication page, when making their initial HTTP request, where they have to enter the username/password they've received at the reception.

There, that should sum it up

 

We do actually have more than 1 internet connection but it's for 2 different departments, so a 3rd connection would not be feasible just for guests

Think this might do...will need to test and research this one.

Interesting. Will take a look at this. Cheers

I just was thinking when replying to thread. Is there also a way around to stop people accessing the LAN if they just took the network cable and plugged it into their laptop?

Thanks guys. I do appreciate the help.