User's Manual

Installation and Configuration Guide: Airgo Access Point 153
8
Configuring Guest Access
This chapter describes how to enable guest user access to the wireless network while protecting the
network from unauthorized use. It contains the following sections:
Overview
Configuring Guest Access
Guest Access Services Panel
Overview
Guest access can be used to allow visitors to a facility to access the Internet through the wireless
network without gaining access to the corporate network. Most current guest user solutions require
guests to access a separate access point that is not part of the corporate network. The Airgo solution
eliminates this requirement by restricting guest access through VLAN tags on the existing access
points. There is no need to set up special access points or to physically restrict the locations used for
guest access.
Unauthenticated users are permitted to associate to an AP, but any web communications are
captured and directed to a controlled landing page, the “captive portal.” The landing page allows
the guest user to login using a web-based password scheme. The page can inform unauthenticated
users of the network access policies and provide instructions on obtaining the guest password.
Following successful authentication, the guest user is released from the captive pages and allowed
to access any resource on the guest VLAN.
The VLAN configuration of the upstream network should make available only those network
resources set aside for guest use. This often means prohibiting guest stations from accessing
anything other than the corporate open subnet or the Internet.
For open guest access, the open access security option must be configured. This precludes the use
of WEP Security Mode on APs that provide guest access, but does permit use of WPA Security
Mode.
VLANs and security privileges are assigned to users by way of service profiles defined for user
groups and bound to the network SSID. It is required that the VLAN configuration include DHCP
and DNS services.
Guest user authentication can be implemented using an internal or external landing page.