Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Mobility

Offering Guest Network Access Cost-Effectively

Reap the business benefits of guest network access without compromising security or draining resources.

Next Steps

Learn how to enable guest networks without compromising security.

Learn about planning and design services for guest access. (PDF - 86 KB)

The Cisco guest access solution of the Cisco Unified Wireless Network, provides a convenient, cost-effective way to offer wired and wireless guest access while maintaining the security of your internal network.

A guest network can serve many important business purposes, from streamlining business with partners, vendors, and consultants to providing hospitality. For instance, it can:

  • Make a research or conference center more attractive to prospective customers
  • Help minimize stock shortages in retail, healthcare, and government
  • Increase customer spending
  • Enable consultants to large enterprises to complete audits more efficiently

With the Cisco Unified Wireless Network, you can ensure that client devices comply with security policies, automatically quarantining threats to network security. Cisco WLAN solutions let you:

  • Authorize guest access to both the wired and wireless network
  • Automatically prioritize traffic to optimize network performance
  • Easily provision guest user access
  • Monitor guest use of the network

Wireless LANs and Guest Services: Natural Partners

WLANs provide a simple way to offer both wired and wireless guest access. With a single WLAN infrastructure, you can cover internal business needs and provide an open guest network to visitors.

The Cisco Unified Wireless Network architecture uses WLAN controllers and the Cisco Wireless Control System (WCS) to centralize configuration, management, and monitoring of wireless access points. With this architecture, virtual LAN (VLAN) and subnet configuration are needed only at the access switch to which the controller is connected. For example, in a large organization that requires 300 access points to cover its guest network, you would need to configure only one Cisco Wireless Services Module (WiSM) to route guest traffic to the appropriate subnet and VLAN. There is no need to set up IP networking for individual guest users.

The Cisco Unified Wireless Network can also be used to enable wired guest access. A unified wired and wireless guest access solution greatly reduces the complexity and cost of guest access services, because both wired and wireless guests use the existing wireless infrastructure and IT administrators can use a single unified management interface to manage and monitor guests.

Implementing a Secure Guest Access Network

Whatever the business reason for guest access, your implementation and security goals should include the following:

  • Create no additional burden for IT administrators to authorize individual users
  • Use existing infrastructure
  • Ensure that internal users and applications have priority over guests
  • Monitor use of the network and prohibit services on a location or per-user basis, as required
  • Ensure that guests have access only to the Internet, not to internal resources

Setting Up Your WLAN

To allow multiple user groups to use the same infrastructure while preserving easy connectivity for anyone with a compatible Wi-Fi client, the Cisco guest access solution enables up to 16 independent WLANs, each of which is defined by a unique network name (SSID), security, and quality-of-service (QoS) setting.
An administrator can define separate SSIDs and settings for different user groups. For example:

  • "Guest" for visitors who need Internet access
  • "Corp" for employees
  • "Shipping" for devices such as bar code scanners

Each SSID can be directed to a specific VLAN, ensuring that only the necessary resources are available to the users of that SSID.

If isolating guest traffic using a VLAN does not provide sufficient security for your organization, you can use the Cisco Unified Wireless Network to create a Layer 2 tunnel that directs all guest traffic outside the unsecured network area to a controller dedicated to guest services. Even remote and branch office guest users can be tunneled to a "guest" WLAN controller, which then applies the appropriate policies before granting Internet access.

Managing Guest Access

To manage guest access, the Cisco Unified Wireless Network lets you redirect guests' browsers to a captive portal page, which can contain information, require a username and password, or require guests to consent to terms and conditions before allowing them to continue.

Monitoring Use by Guests

The Cisco Unified Wireless Network allows you to monitor guest use of the network including statistics such as:

  • Client use by time or access point
  • Client type by protocol and authentication
  • Top five access points by client use

If access to the network requires a username and password, an individual client's current location can also be tracked.

Prioritizing Access

The Cisco Unified Wireless Network supports prioritized use of the network by critical enterprise applications or data type. It offers four levels of QoS prioritization for each WLAN. For example, applications can be prioritized as follows:

  1. Voice: Voice-over-WLAN applications
  2. Video
  3. Best Effort: Enterprise data traffic
  4. Background: Guest network traffic