Internet Related/Filtering/Firewall Thread, Guest wireless access in Technical; We wish to set up guest access to our wireless network in such a way that students can access the ...
11th July 2011, 08:32 AM #1
- Rep Power
Guest wireless access
We wish to set up guest access to our wireless network in such a way that students can access the internet from their own devices without seeing anything else on the school network. We have set this up a second, unsecured SSID on our Ruckus wireless controller.
I assume we somehow need to configure a second DHCP server to issue IP addresses to guest devices in a different range from the school domain. Unfortunately the wireless controller cannot do this itself.
Does anyone have any experience of this and have any suggestions on how it can be achieved?
16th July 2011, 07:11 PM #2
Hi jwood, you can achieve this by using a layer3/4 ACL, or change the WLAN isolation to full.
By setting the WLAN isolation to full this will apply the L3/4 ACL fromthe guest settings to the WLAN, plus prevent client to client traffic over te AP.
This is configurable under guest access. By default the ZD will deny access to the subnet in which the ZD lives and all the other private ranges(192.169.x.x/16 etc). The are however 3 allow rules that you cannot see.
These are allow DNS and DHCP on the broadcast and access to te default GW on all ports. So if you have a proxy or a different GW for the clients to hit then you will need to had this to the list, at the top.
The other way is to create a L3/4 ACL is by going to access control on the ZD and and creating the ACL that is relevant then back to the WLAN in question and applying it under advance settings.
This is subject to the code running on your ZD.
You will heed to be on at least 8.2 in order to have both options avaliable to you.
If you are on anything below, PM me.
Sorry for spelling mistakes, on my phone.
18th July 2011, 10:14 AM #3
- Rep Power
Stuart, thanks for the information. I'll have a go at it this week and will hopefully get something sorted.
18th July 2011, 10:23 AM #4
If you offer guest WiFi you'll in effect become an ISP? You'll get it in the neck for all violations commited on that wifi, Copyright etc. Am I wrong?
29th July 2011, 06:16 PM #5
We run Cisco wireless controllers here. Our guest WIFI access was setup as a segregated VLAN using a private class C address scheme. The controllers themselves will do DHCP, but we needed something more configurable so that would could set options in the DHCP scope. I whipped up a CLI install of Ubuntu with DHCP and Apache, and plugged it into the core switch with the port set to the guest WIFI VLAN. The entire point was to have a setup in place that could do automatic proxy detection for guest users since our guest WIFI requires proxy settings.
3rd August 2011, 11:17 PM #6
Our school also is using a Ruckus setup. The issue i've had concerns guest wireless access and our proxy server. When explaining to a user what I am changing their internet options and that they will need to disable the proxy settings when finished, they usually end up saying forget it. Has anyone else figured out a solution for Ruckus ZD to either bypass the proxy or provide proxy detection for guests like Duke5A has?
By nephilim in forum Internet Related/Filtering/Firewall
Last Post: 7th November 2010, 10:28 PM
By mickeyh080 in forum Wireless Networks
Last Post: 12th August 2010, 11:08 AM
By nicholab in forum Wireless Networks
Last Post: 9th October 2009, 09:27 AM
By steveo2000 in forum Wireless Networks
Last Post: 28th July 2009, 11:07 AM
By steveo2000 in forum Internet Related/Filtering/Firewall
Last Post: 19th March 2009, 06:41 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)