User's Manual

Chapter 8 HiveManager Configuration Examples
104 Aerohive
EXAMPLE 3: PROVIDING GUEST ACCESS
As a convenience for guests visiting the corporate headquarters or branch office, you provide them with wireless
network access. To preserve bandwidth for employees, the rate limit for guests is somewhat reduced. To maintain
security, visitors are restricted to accessing just the public LAN.
Two approaches are presented in this section:
"Guest Access with Preshared Keys": This approach provides visitors with secured network access by using WPA
or WPA2 with preshared keys and TKIP or CCMP (AES) encryption. It does not include a means of requiring
visitors to accept a network usage policy before receiving network access.
"Guest Access with Captive Web Portal" on page 105: A captive web portal is a way to control network access by
requiring users to authenticate or register before assigning them network and user profile settings that allow
them network access beyond the HiveAP with which they associated. With this approach, registered visitors'
activity can be tracked and stored in historical logs on a syslog server for security and compliance auditing.
For the first approach, no extra configuration is necessary other than configuring a guest user profile and SSID. For
the second approach, you might want to customize the registration form used on the captive web portal. To do that,
see "Customizing the Registration Page" on page 108 and "Loading Customized Captive Web Portal Files" on page 111.
Guest Access with Preshared Keys
You can provide visitors with secure but unregistered network access by issuing them a preshared key to use when
associating with the guest SSID. A receptionist can provide visitors with the preshared key along with access
instructions upon their arrival, as shown in Figure 8.
Figure 8 Guest Access Using a Preshared Key
The guest SSID provides secure network access for visitors. Also, by linking visitors to the guest SSID, you can
differentiate them from employees, who associate with other SSIDs (voip and corp), so that you can apply one set
of QoS (Quality of Service) settings for visitors and other settings for employees. In addition, the user profiles for
employees and guests further separate their traffic into two different VLANs. For instructions on setting up guest
access with a preshared key, see "Guests QoS and User Profile" on page 115 and "guest SSID" on page 119.
[Figure 8 labels: Receptionist; Visitor; Visitor's Laptop; HiveAP; Internet. The visitor enters the preshared key "guest123" when forming an association with the HiveAP using the SSID "guest".]
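Added example (not part of the Aerohive manual or HiveManager): with WPA or WPA2 preshared keys, every visitor who is given the same passphrase for the guest SSID derives the same 256-bit master key, which is why this approach cannot tell visitors apart. The sketch below derives that key with the standard WPA-PSK mapping and audits a candidate guest passphrase. The function names, the sample passphrases and the 16-character minimum are assumptions made for illustration.

```python
import hashlib

def wpa_pmk(passphrase, ssid):
    """Standard WPA/WPA2-PSK mapping: PBKDF2-HMAC-SHA1 over the passphrase,
    with the SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit_guest_psk(passphrase, ssid, min_len=16):
    """Return finding codes for a candidate guest passphrase.
    min_len is an assumed local policy value, not a vendor requirement."""
    findings = []
    if len(passphrase) < min_len:
        findings.append("short")            # low entropy if the key leaks offsite
    if ssid.lower() in passphrase.lower():
        findings.append("contains-ssid")    # guessable from the broadcast name
    if passphrase.isalpha() or passphrase.isdigit():
        findings.append("single-class")     # letters only or digits only
    return findings

def keys_per_visitor(passphrase, ssid, visitors):
    """Show that the derived key depends only on passphrase and SSID,
    never on who the visitor is."""
    return {v: wpa_pmk(passphrase, ssid).hex() for v in visitors}

if __name__ == "__main__":
    # Constructed sample values: SSID "guest" as on this page, sample keys.
    ssid = "guest"
    for candidate in ("guest123", "Lobby-Tulip-Rivet-4827"):
        print(candidate, "->", audit_guest_psk(candidate, ssid) or "no findings")
    keys = keys_per_visitor("guest123", ssid, ["visitor-a", "visitor-b"])
    print("distinct keys among visitors:", len(set(keys.values())))
    # Rotating the passphrase is the only way to revoke earlier visitors.
    print("key changes on rotation:",
          wpa_pmk("guest123", ssid) != wpa_pmk("Lobby-Tulip-Rivet-4827", ssid))
```

Because the key is identical for all visitors, per-visitor tracking requires the captive web portal approach, and revoking one visitor means changing the preshared key for everyone.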