1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Isolate network for guests

Discussion in 'Networks' started by reverb, Feb 14, 2012.

  1. reverb

    reverb Byte Poster

    Hi all,

    Sometimes we have guests who either used the wifi or use a wired connection to our network and we usually give it a quick scan before allowing access. This is ok because we usually don't have regular guests that much; in recent weeks there have been more than the usual because of ongoing projects which made me think a little. What is worrying are viruses that could potentially infect the network from guest laptops. What would be a reasonable or good practice to prevent such a thing whilst still allowing guests to use the network?

    How do you guys deal with guests using your network? I don't work for a huge company so don't have a big budget :D

    Last edited: Feb 14, 2012
  2. Boffy

    Boffy Megabyte Poster

    In our situation (only 60 staff and being a not for profit organization) we have a seperate internet line (1mb :D) for guests to connect to via Wifi or certain network ports.

    This enables us to keep our network secure as there is absolutely no way of interacting with the machines on our domain.

    I'm not sure how viable that is for you, I suppose is also depends on your environment (ie: is Wifi is going to have the range you need?).
    Certifications: BSc Computer Game Technology, A+
    WIP: MOS 2010
  3. Cunningfox

    Cunningfox Byte Poster

    We have a guest wifi network on an isolated vlan with internet access only. It goes through our main firewall and is restricted from accessing anything internal and vice versa.
    Certifications: CCNP, CCNA, MCP
    WIP: ??
  4. Simonvm

    Simonvm Kilobyte Poster

    We have a separated cable line (consumer subscription) which enters our switching environment in a separate VLAN.
    The WAN side is terminated at a Visitor Appliance which acts as the gateway for the visitor network.

    This is the gateway appliance: Wireless Hotspot Solution

    The appliance's LAN side is in another VLAN and there's a ticket printer installed at the reception.
    That same VLAN is then forwarded to the trunks of our WLAN controllers and published on a VISITOR SSID.

    People that connect to the VISITOR network are forwarded to an authentication page, when making their initial HTTP request, where they have to enter the username/password they've received at the reception.

    There, that should sum it up :)
    Certifications: MCITP: EST, MCDST, MCTS, A+, N+, CCNP, CCNA Wireless
  5. reverb

    reverb Byte Poster

    We do actually have more than 1 internet connection but it's for 2 different departments, so a 3rd connection would not be feasible just for guests :D

    Think this might do...will need to test and research this one.

    Interesting. Will take a look at this. Cheers

    I just was thinking when replying to thread. Is there also a way around to stop people accessing the LAN if they just took the network cable and plugged it into their laptop?

    Thanks guys. I do appreciate the help. :)

Share This Page