How secure is Ruckus Guest Access with the AP's on our normal IP scope?
We're pretty new to a managed wireless solution but are moving forward nicely.
We use Ruckus for managed wireless and Smoothwall for proxy/web filtering. Smoothwall is also the default Gateway.
We have 10 Ruckus points, all with fixed IP addresses from our usual scope. We have created a Guest WLAN which uses full isolation so clients are unable to communicate with each other or access any of the restricted subnets. We have set a restricted subnet so that they can only talk to the proxy.
We use transparent proxy on port 80 with SSL login. If a guest brings a device in, they can connect to the Guest WLAN and providing they have no browser settings defined, it will automatically take them to the Ruckus AUP page. They agree and are then challenged for a Smoothwall SSL login. We have locked down some AD accounts and issued these to regular guests, such as Adult Education, Connections, etc. It all works great.
If students brought in their own devices, they are able to connect and use the Internet which is fine but without having some type of VLAN or having the Ruckus on a different scope, how secure is it?
If someone was a hacker, could they potential reach areas of the network we wouldn't them to as these AP's are on our normal scope range?
The reason we have it all on our normal IP scope is because we also have a corporate WLAN for staff to use. If we made the Ruckus AP's on a different range, i.e. 192.168.1.1, etc...how would the staff be able to access their Resources, etc?
Would we better of setting up the Guest WLAN on a VLAN and the corporate WLAN on another VLAN? If so, what is the process involved here?
Any help would be much appreciated.