Guest wireless access

Printable View

11th July 2011, 08:32 AM
AnnDroyd

Guest wireless access

We wish to set up guest access to our wireless network in such a way that students can access the internet from their own devices without seeing anything else on the school network. We have set this up a second, unsecured SSID on our Ruckus wireless controller.

I assume we somehow need to configure a second DHCP server to issue IP addresses to guest devices in a different range from the school domain. Unfortunately the wireless controller cannot do this itself.

Does anyone have any experience of this and have any suggestions on how it can be achieved?

Thanks
16th July 2011, 07:11 PM
StuartWhite

Hi jwood, you can achieve this by using a layer3/4 ACL, or change the WLAN isolation to full.

By setting the WLAN isolation to full this will apply the L3/4 ACL fromthe guest settings to the WLAN, plus prevent client to client traffic over te AP.

This is configurable under guest access. By default the ZD will deny access to the subnet in which the ZD lives and all the other private ranges(192.169.x.x/16 etc). The are however 3 allow rules that you cannot see.
These are allow DNS and DHCP on the broadcast and access to te default GW on all ports. So if you have a proxy or a different GW for the clients to hit then you will need to had this to the list, at the top.

The other way is to create a L3/4 ACL is by going to access control on the ZD and and creating the ACL that is relevant then back to the WLAN in question and applying it under advance settings.

This is subject to the code running on your ZD.

You will heed to be on at least 8.2 in order to have both options avaliable to you.

If you are on anything below, PM me.

Sorry for spelling mistakes, on my phone.

Thanks
Stuart
18th July 2011, 10:14 AM
AnnDroyd

Stuart, thanks for the information. I'll have a go at it this week and will hopefully get something sorted.
18th July 2011, 10:23 AM
chazzy2501

If you offer guest WiFi you'll in effect become an ISP? You'll get it in the neck for all violations commited on that wifi, Copyright etc. Am I wrong?
29th July 2011, 06:16 PM
Duke5A

We run Cisco wireless controllers here. Our guest WIFI access was setup as a segregated VLAN using a private class C address scheme. The controllers themselves will do DHCP, but we needed something more configurable so that would could set options in the DHCP scope. I whipped up a CLI install of Ubuntu with DHCP and Apache, and plugged it into the core switch with the port set to the guest WIFI VLAN. The entire point was to have a setup in place that could do automatic proxy detection for guest users since our guest WIFI requires proxy settings.
3rd August 2011, 11:17 PM
atamakosi

Our school also is using a Ruckus setup. The issue i've had concerns guest wireless access and our proxy server. When explaining to a user what I am changing their internet options and that they will need to disable the proxy settings when finished, they usually end up saying forget it. Has anyone else figured out a solution for Ruckus ZD to either bypass the proxy or provide proxy detection for guests like Duke5A has?