Wireless Networks Thread, Theoretical question regarding an Ad Hoc network in Technical
I'm currently running a certificate-based wireless network (RADIUS server) and I want to automate the process for students in preparation for about 200 new iPads.
Basically I want to create a separate network to my own that's unauthenticated, and then through that I'll have them go to a local IIS server to download the certificate they need to get on the real network (aka internet access to them).
I was thinking of doing this with my WDS server that's already on its own network and has DHCP installed as well, so I could in theory just plug in a WAP and it'll get a DHCP address and start broadcasting.
Now for the question:
Do you think this WAP broadcasting a completely different network/IP address would affect the other WAPs in the area? I'm worried about co-channel interference more than anything, as this is controlled by our Cisco Wireless LAN Controller on the primary network, but obviously it won't be doing the same for something it can't see.
Rather than set up another AP for this, why not create another SSID on the existing Cisco APs? That SSID correlates to a dedicated VLAN with its own DHCP pool. You could then set up a catch-all captive portal (using DNS Redirector running on the same Windows box would be one way); this way, no matter what website you try to go to on that VLAN, you would always be "stuck" at your IIS site with instructions for installing the cert.
Original Question Answer: You could do this and technically not have a lot of issues; however, you would obviously have to implement this setup, it would only be accessible from one place (surrounding the AP), and you will add interference to the channels used by the AP. The amount of co-channel interference would depend on your current density of wireless coverage/APs and whether you are broadcasting on 2.4 GHz or 5 GHz.
You could either go for an "onboarding" solution, which does exactly this but with some further automation and which various vendors offer, or, as the previous user has stated, have a captive portal which has onboarding instructions.
I would also recommend that you put this on a separate VLAN and DHCP scope (as with an open network a lot of devices will autojoin and take your valid IPs). Also implement some firewall rules to deny access to other LAN devices, and make it non-routable, etc.
In regards to the captive portal, you can usually customise these, so you could remove the login forms etc. and just attach the data that you need.
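
The isolation suggested above for the open onboarding VLAN, as an added example that is not part of the thread: a first-match rule set checked against constructed client flows, with a weak variant beside the hardened one. The subnet, portal address and rule format are assumptions; translate the rules into whatever firewall or ACL syntax sits in front of that VLAN.

```python
from ipaddress import ip_address, ip_network

# All addresses below are constructed for illustration; none come from the thread.
ONBOARD_NET = ip_network("10.99.0.0/24")   # assumed onboarding VLAN / DHCP scope
PORTAL = ip_network("10.99.0.10/32")       # assumed IIS + DNS redirector host
ANY = ip_network("0.0.0.0/0")

# Rule: (action, protocol, source net, destination net, destination port or None = any)
HARDENED = [
    ("permit", "udp", ANY, ANY, 67),             # DHCP discover/request (broadcast)
    ("permit", "udp", ONBOARD_NET, PORTAL, 53),  # DNS, answered by the redirector
    ("permit", "tcp", ONBOARD_NET, PORTAL, 80),  # certificate download page
    ("deny", "ip", ANY, ANY, None),              # everything else, incl. the real LAN
]
# Weak variant: a broad permit placed first shadows every rule after it.
WEAK = [("permit", "ip", ONBOARD_NET, ANY, None)] + HARDENED


def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching rule; default deny if none match."""
    src, dst = ip_address(src), ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if src not in r_src or dst not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"


# Constructed flows an onboarding client (10.99.0.57) might attempt.
FLOWS = {
    "dhcp": ("udp", "0.0.0.0", "255.255.255.255", 67),
    "portal_http": ("tcp", "10.99.0.57", "10.99.0.10", 80),
    "portal_dns": ("udp", "10.99.0.57", "10.99.0.10", 53),
    "portal_smb": ("tcp", "10.99.0.57", "10.99.0.10", 445),
    "lan_smb": ("tcp", "10.99.0.57", "192.168.1.20", 445),
    "internet": ("tcp", "10.99.0.57", "203.0.113.5", 443),
}


def audit(rules):
    """Map each constructed flow name to the action the rule set gives it."""
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for name, action in audit(HARDENED).items():
        print(f"{name:12} {action}")
```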