Manualshelf

User's Manual

ManualsBrandsAirgo Networks ManualsElectronicsTrue MIMO Access Point
81828384858687888990
Installation and User Guide: Airgo Access Point 167
8
Configuring Guest Access
This chapter describes how to enable guest user access to the wireless network while protecting the
network from unauthorized use. It contains the following sections:
Overview
Internal Landing Page
External Landing Page
Configuring Guest Access with VLANs
Guest Access Services Panel
Overview
Guest access allows visitors to a facility to access the Internet through the wireless network without
gaining access to the corporate network. Unauthenticated users are permitted to associate to an AP,
but any web communications are captured and directed to a controlled landing page or captive
portal. The landing page allows the guest user to log in using web-based authentication, and can be
implemented by way of an internal or external URL. The page can inform unauthenticated users of
the network access policies and provide instructions on obtaining the guest password. Following
successful authentication, the guest user is released from the captive pages and allowed to access
resources permitted to guest users.
The Airgo AP supports guest access administration with or without the use of VLANs to segregate
guest traffic from other network traffic. Both approaches are compatible with the use of external
and internal landing pages.
Guest Access without VLANs
This option is ideal for hot spot deployments in which guest authentication is required, but it is not
necessary to segregate guest traffic from other network traffic. Once guests are authenticated, they
are automatically assigned a default guest service profile, which includes the default security mode
for the AP, and provided with full network access.
Guest access without VLANs is compatible with open or mixed security modes. Mixed security
modes are desirable if some users have need for ongoing network access, while others will only
access the network periodically as guests. Open access only is desirable for hot spot settings that
caterer almost exclusively to guests.
If the security mode is Open access only, then all users connecting to the configured SSID are
treated as guest users and are directed to the guest login page. Once they successfully log in to the
network, they are connected to the network, but their data traffic is not encrypted.
If the security mode is mixed (with WPA-PSK configured), then users who know the WPA-PSK
password can connect to the network using that password. Their data traffic will be encrypted over
the air. Users who try to connect to the network using open authentication will automatically be
presented the guest login page. Once authenticated, they will be provided network access, but their
traffic will not be encrypted.