Setting up guest wifi for public

shifty_uk

shifty_uk

shifty_uk

Soldato
Joined
27 Sep 2004
Posts
13,618
Location
.
I have a customer that has a warehouse operation with a shop/public facilities under one roof.

Unfortunately the phone signals in the area aren't the best so they're looking to get some form of wifi in place that will allow guests to easily connect when on-site.

Does anyone have any knowledge of what setup is required?

They have a leased line with enterprise firewall and router so something that's relatively easy to plug and play would be ideal.

Initial browsing found found this but not sure how secure it would be:
 
Depends on what else they want other than guest wifi?



E.g. our work wifi set-up is numerous Ubiqiuti Unifi access points and we have 2 separate SSIDs;

"GUEST" is an open SSID that has a captive portal provided by Unifi that just states the terms and conditions, users click accept, and in the background they are then placed onto a separate VLAN, separate DHCP range provided by the router, and provided with basic web filtering via OpenDNS DNS Servers as well as being rate limited (~10Mb up/ 10Mb down).

our main "WORK" SSID makes use of Private Pre-Shared Keys, so we have several different "Passwords" and depending what is entered puts devices onto different VLAN / Networks. So e.g. we have 1 password for our devices used in the warehouse that connect to our main network, but can also give each onsite customer their own password that allows them to use their devices, but isolated to their own VLAN on site (rather than them using the guest portal every day).

 
As above, also if you want to go that way, my TPLink AP (and I'm sure other vendors can do similar) supports joining via e.g. facebook authentication on a portal.. maybe not the best fit now as I realise FB is for old farts!

And yes, definately separate it via VLAN from tha main business network and apply some filtering (afaik, as the owner of the connection you're responsible for any traffic that goes through it)
 
Last edited:
Thanks for the response guys,

This stuff is a bit over my head tbh. The main requirements are secure, easy-to-manage guest wifi with a captive portal(built in ideally), and proper network separation i.e. guest users shouldn’t be able to access the core business network. The core business setup is already in place, so we’re really just looking to add a simple guest WiFi layer on top without needing to rework the existing infrastructure.

Armageus said:
our main "WORK" SSID makes use of Private Pre-Shared Keys, so we have several different "Passwords" and depending what is entered puts devices onto different VLAN / Networks. So e.g. we have 1 password for our devices used in the warehouse that connect to our main network, but can also give each onsite customer their own password that allows them to use their devices, but isolated to their own VLAN on site (rather than them using the guest portal every day).

Click to expand...

This sounds impressive but a bit overcomplicated for the current requirements.

Edit: Should add that a layer of logging/monitoring would also be ideal, to ensure guests aren't using the wifi for dodgy stuff.
 
Last edited:
Do they not already have some sort of wireless network? I strongly recommend against deploying separate access points in the same area as an existing Wi-Fi network.

If this is for the general public to access then you'll want to go to someone like Purple Wi-Fi who will derisk all this for you - otherwise someone sitting in the car park downloading their fill of child abuse images is traced back to your organisation and you have no logging in place that could even start to provide a lead on who the actual offender is. Guest Wi-Fi is a solved problem technically, it's something that on most wireless platforms could be implemented with 30 minutes of work, it's all the liability stuff that becomes a nightmare.
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom