Offering Guest Network Access Cost-Effectively

Reap the business benefits of guest network access without compromising security or draining resources.

The Cisco guest access solution of the Cisco Unified Wireless Network provides a convenient, cost-effective way to offer wired and wireless guest access while maintaining the security of your internal network.

A guest network can serve many important business purposes, from streamlining business with partners, vendors, and consultants to providing hospitality. For instance, it can:

  • Make a research or conference center more attractive to prospective customers
  • Help minimize stock shortages in retail, healthcare, and government
  • Increase customer spending
  • Enable consultants to large enterprises to complete audits more efficiently

With the Cisco Unified Wireless Network, you can ensure that client devices comply with security policies, automatically quarantining threats to network security. Cisco WLAN solutions let you:

  • Authorize guest access to both the wired and wireless network
  • Automatically prioritize traffic to optimize network performance
  • Easily provision guest user access
  • Monitor guest use of the network

Wireless LANs and Guest Services: Natural Partners

WLANs provide a simple way to offer both wired and wireless guest access. With a single WLAN infrastructure, you can cover internal business needs and provide an open guest network to visitors.

The Cisco Unified Wireless Network architecture uses WLAN controllers and the Cisco Wireless Control System (WCS) to centralize configuration, management, and monitoring of wireless access points. With this architecture, virtual LAN (VLAN) and subnet configuration are needed only at the access switch to which the controller is connected. For example, in a large organization that requires 300 access points to cover its guest network, you would need to configure only one Cisco Wireless Services Module (WiSM) to route guest traffic to the appropriate subnet and VLAN. There is no need to set up IP networking for individual guest users.

The Cisco Unified Wireless Network can also be used to enable wired guest access. A unified wired and wireless guest access solution greatly reduces the complexity and cost of guest access services, because both wired and wireless guests use the existing wireless infrastructure and IT administrators can use a single unified management interface to manage and monitor guests.

Implementing a Secure Guest Access Network

Whatever the business reason for guest access, your implementation and security goals should include the following:

  • Create no additional burden for IT administrators to authorize individual users
  • Use existing infrastructure
  • Ensure that internal users and applications have priority over guests
  • Monitor use of the network and prohibit services on a per-location or per-user basis, as required
  • Ensure that guests have access only to the Internet, not to internal resources

Setting Up Your WLAN

To allow multiple user groups to use the same infrastructure while preserving easy connectivity for anyone with a compatible Wi-Fi client, the Cisco guest access solution enables up to 16 independent WLANs, each of which is defined by a unique network name (SSID) and has its own security and quality-of-service (QoS) settings.
An administrator can define separate SSIDs and settings for different user groups. For example:

  • "Guest" for visitors who need Internet access
  • "Corp" for employees
  • "Shipping" for devices such as bar code scanners

Each SSID can be directed to a specific VLAN, ensuring that only the necessary resources are available to the users of that SSID.

If isolating guest traffic using a VLAN does not provide sufficient security for your organization, you can use the Cisco Unified Wireless Network to create a Layer 2 tunnel that directs all guest traffic outside the unsecured network area to a controller dedicated to guest services. Even remote and branch office guest users can be tunneled to a "guest" WLAN controller, which then applies the appropriate policies before granting Internet access.

Managing Guest Access

To manage guest access, the Cisco Unified Wireless Network lets you redirect guests' browsers to a captive portal page, which can contain information, require a username and password, or require guests to consent to terms and conditions before allowing them to continue.

Monitoring Use by Guests

The Cisco Unified Wireless Network allows you to monitor guest use of the network, including statistics such as:

  • Client use by time or access point
  • Client type by protocol and authentication
  • Top five access points by client use

If access to the network requires a username and password, an individual client's current location can also be tracked.

Prioritizing Access

The Cisco Unified Wireless Network supports prioritized use of the network by critical enterprise applications or data type. It offers four levels of QoS prioritization for each WLAN. For example, applications can be prioritized as follows:

  1. Voice: Voice-over-WLAN applications
  2. Video
  3. Best Effort: Enterprise data traffic
  4. Background: Guest network traffic
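
The WLAN rules under "Setting Up Your WLAN" and the QoS ordering above can be checked mechanically before a plan is deployed. The following is an added example, not Cisco code: it audits a WLAN plan for the 16-WLAN limit, unique SSIDs, guest VLAN isolation, guest traffic at the Background level, and guest reachability of internal address ranges. The plan format, VLAN IDs, deny lists and internal ranges are assumptions constructed for illustration.

```python
from ipaddress import ip_network

MAX_WLANS = 16  # limit stated on the page
QOS_LEVELS = ("voice", "video", "best-effort", "background")  # highest to lowest

def audit(plan, internal):
    """Return a list of findings for a WLAN plan (hypothetical dict format)."""
    findings = []
    if len(plan) > MAX_WLANS:
        findings.append(f"{len(plan)} WLANs defined, limit is {MAX_WLANS}")
    seen = set()
    for w in plan:
        if w["ssid"] in seen:
            findings.append(f"{w['ssid']}: duplicate SSID")
        seen.add(w["ssid"])
        if w["qos"] not in QOS_LEVELS:
            findings.append(f"{w['ssid']}: unknown QoS level {w['qos']!r}")
    staff_vlans = {w["vlan"] for w in plan if not w["guest"]}
    for w in (w for w in plan if w["guest"]):
        # Guests must not land on a VLAN that also carries internal users.
        if w["vlan"] in staff_vlans:
            findings.append(f"{w['ssid']}: guest VLAN {w['vlan']} shared with a non-guest WLAN")
        # Internal users and applications get priority over guests.
        if w["qos"] != "background":
            findings.append(f"{w['ssid']}: guest QoS is {w['qos']!r}, expected 'background'")
        # Internet only: every internal range must sit inside some deny entry.
        denied = [ip_network(d) for d in w.get("deny", [])]
        for net in map(ip_network, internal):
            if not any(net.subnet_of(d) for d in denied):
                findings.append(f"{w['ssid']}: internal range {net} is reachable")
    return findings

# Constructed sample data: SSID names follow the page, everything else is made up.
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
BAD_PLAN = [
    {"ssid": "Corp", "vlan": 10, "qos": "best-effort", "guest": False},
    {"ssid": "Shipping", "vlan": 20, "qos": "best-effort", "guest": False},
    {"ssid": "Guest", "vlan": 10, "qos": "video", "guest": True, "deny": ["10.0.0.0/8"]},
]
GOOD_PLAN = BAD_PLAN[:2] + [
    {"ssid": "Guest", "vlan": 99, "qos": "background", "guest": True, "deny": INTERNAL},
]

if __name__ == "__main__":
    for finding in audit(BAD_PLAN, INTERNAL):
        print(finding)
```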