WSUG TechTips: Symbol Wireless Switch

Bill Horne bill at horne.net
Fri Jul 21 12:44:01 EDT 2006 

Cordeiro, Charles wrote:

> I think the easiest solution is to have a second SSID for guests. You 
> can then place wep encryption on this and just tell the guests what it 
> is. If necessary, change this WEP key every once in a while. Yes, WEP 
> encryption can be broken, but it takes a bit of work and probably 
> enough deterrence for your neighbors… plus, it’s just the guest network.
>
> You could use MAC filtering as well, but there’s quite a bit more work 
> involved with that.
>
> ------------------------------------------------------------------------
>
> *From:* TechTips-owner at windowsboston.com 
> [mailto:TechTips-owner at windowsboston.com] *On Behalf Of 
> *frank at lempitsky.com
> *Sent:* Thursday, July 20, 2006 4:31 PM
> *To:* Michael Webb; techtips at windowsboston.com
> *Subject:* Re: WSUG TechTips: Symbol Wireless Switch
>
> Do use a VPN at all? Like a Cisco 3000 concentrator. You could create 
> one VLAN and the only way a user could access your internal network is 
> with the VPN client and appropriate access. As for guests you could 
> use MAC filtering and add the guests MAC address to the table. Or you 
> may want to eliminate wireless for guests all together.
>
> Frank
>
>     -------------- Original message --------------
>     From: Michael Webb <mwebb at sdmc.com>
>
>>
>> Message posted from the TechTips listserv at WindowsBoston.com.
>> A "reply" will reply to the sender and not the listserv.
>> Reply to the group at TechTips at WindowsBoston.com if desired and
>     appropriate.
>> ____________________________________________________________________________
>
>>
>>
>>
>> I just purchased a Symbol WS2000 wireless switch, setup IAS
>     authentication,
>> works great. I also setup a 2nd vlan for our guests, so right now
>     I have
>> two Vlans one that allows access to our internal Network using
>     the Radius
>> server, this is working great. 2nd Vlan does not allow access to our
>> internal network and goes directly to the internet, only place
>     they can
>> get to.
>>
>> The question is how do I easily allow Guests to get to the 2nd
>     vlan without
>> allowing the building next door to access that 2nd vlan anytime
>     they want.
>> I don't want to put much security on the 2nd vlan, just some
>     simple way to
>> allow them through. Any ideas?
>> Thanks,
>> Michael
>
Michael,

I suggest you invest in a hotel/motel Access Point: there are a number 
of vendors, and they all support verification by password. You can leave 
the "public" wlan unencrypted, and just have the secretary hand out the 
password to anyone who needs it.

FWIW. YMMV.

Bill Horne

-- 
E. William Horne
William Warren Consulting
Computer and Network Installation & Service
http://www.billhorne.com/
Voice:	781 784-7287

More information about the Discuss mailing list