Company Products/Technology Services News/Events Support Spacer Contact Partners Customers
English    日本語
Products Photo

Product Documentation for Enterprise-Managed AP

Documentation Home for Self-Managed and Enterprise-Managed APs | Administrators Guide

Administrators GuidePreviousNextIndex

 


Setting up Guest Access

Out-of-the-box Guest Interface features allow you to configure the Devicescape Enterprise-Managed AP for controlled guest access to an isolated network. You can configure the same access point to broadcast and function as two different wireless networks: a secure "Internal" LAN and a public "Guest" network.

Guest clients can access the guest network without a username or password. When guests log in, they see a guest Welcome screen (also known as a captive portal).

The following sections are included here:

Understanding the Guest Interface

You can define unique parameters for guest connectivity and isolate guest clients from other more sensitive areas of the network. No security is provided on the guest network; only plain-text security mode is allowed.

Simultaneously, you can configure a secure internal network (using the same access point as your guest interface) that provides full access to protected information behind a firewall and requires secure logins or certificates for access.

You can configure an Devicescape Enterprise-Managed AP for the Guest interface in one of two ways:

  • Connect the access point to a separate network using the extra, dedicated Guest network port on the AP. This provides a physically secure solution that does not require VLAN support. (For details on how to set up this type of guest interface, see Configuring a Physically Separate Guest Network.)
  • Configure the access point using a single network with VLANs by setting up the guest interface configuration options on the Administration Web pages for the Devicescape Enterprise-Managed AP. (For details on how to set up this type of guest interface, see Configuring a Guest Network on a Virtual LAN.)
    Note
    • Both methods leverage multiple BSSID and Virtual LAN (VLAN) technologies that are built-in to the Devicescape Enterprise-Managed AP. The Internal and Guest networks are implemented as multiple BSSIDs on the same access point, each with different network names (SSIDs) on the Wireless interface and different VLAN IDs on the Wired interface.
    • On a two-radio access point, the Guest Management and Login settings apply to both Radio One and Radio Two.

Configuring the Guest Interface

To configure the Guest interface on the Devicescape Enterprise-Managed AP, perform these configuration steps:

  1. Do one of the following:
  2. Set up the guest Welcome screen for the guest captive portal as described in the section below, Configuring the Welcome Screen (Captive Portal).

    3. Note
    Guest Interface settings are not shared among access points across the cluster. These settings must be configured individually on the Administration pages for each access point. To get to the Administration pages for an access point that is a member of the current cluster, click on its IP Address link on the Cluster > Access Points page of the current AP. For more information about which settings are shared by the cluster and which are not, see Which Settings are Shared as Part of the Cluster Configuration and Which Are Not?.

Configuring a Physically Separate Guest Network

To configure a physically separate guest network, do the following:

  1. Make two wired connections from the network ports on the access point: one to your secure, internal LAN and the other to a guest network. (See A Note About Setting Up Connections for a Guest Network in the Quick Steps.)

    2. (For a network layout diagram showing physically separate Guest and Internal network connections, see the Evaluation Network Layout in the Evaluation Guide.)

  2. Configure Ethernet (Wired) Settings for physically separate Internal and Guest networks on VLANs as described in the sections in Setting the Ethernet (Wired) Interface.

    3. (Start by enabling Guets Access and choosing "For Internal and Guest access, use two: Ethernet Ports" as described in Specifying a Physical or Virtual Guest Network.)

  3. Provide the radio interface settings and network names (SSIDs) for both Internal and Guest networks as described in Setting the Wireless Interface.
  4. Configure the guest splash screen as described in Configuring the Guest Interface.

Configuring a Guest Network on a Virtual LAN

Notes
If you want to configure the Guest and Internal networks on Virtual LAN (VLANs), the switch and DHCP server you are using must support VLANs.
As a prerequisite step, configure a port on the switch for handling VLAN tagged packets as described in the IEEE 802.1Q standard.
Guest Welcome Screen settings are shared among access points across the cluster. When you update these settings for one access point, the configuration will be shared with the other access points in the cluster. For more information about which settings are shared by the cluster and which are not, see Which Settings are Shared as Part of the Cluster Configuration and Which Are Not?.

To configure a Internal and Guest networks on Virtual LANs, do the following:

  1. Use only one wired connection from the network port on the access point to the LAN. (Make sure this port is configured to handle VLAN tagged packets.)
  2. Configure Ethernet (wired) Settings for Internal and Guest networks on VLANs as described in the sections in Setting the Ethernet (Wired) Interface.

    3. (Start by enabling Guest Access and choosing "For Internal and Guest access, use two: VLANs" as described in Specifying a Physical or Virtual Guest Network.)

  3. Provide the radio interface settings and network names (SSIDs) for both Internal and Guest networks as described in Setting the Wireless Interface.
  4. Configure the guest splash screen as described in Configuring the Guest Interface.

Configuring the Welcome Screen (Captive Portal)

You can set up or modify the Welcome screen guest clients see when they open a Web browser or try to browse the Web. To set up the captive portal, do the following.

  1. Navigate to the Advanced > Guest Login tab.

  2. Choose Enabled to activate the Welcome screen.
  3. In the Welcome Screen Text field, type the text message you would like guest clients to see on the captive portal.
  4. Click Update to apply the changes.

Using the Guest Network as a Client

Once the guest network is configured, a client can access the guest network as follows:

  1. A guest client enters an area of coverage and scans for wireless networks.
  2. The guest network advertises itself via a Guest SSID or some similar name, depending on how the guest SSID is specified in the Administration Web pages for the Guest interface.
  3. The guest client chooses Guest SSID.
  4. The guest client starts a Web browser and receives a Guest Welcome screen.
  5. The Guest Welcome Screen provides a button for the client to click to continue.
  6. The guest client is now enabled to use the "guest" network.

Deployment Example

In the figure below, the dotted red lines indicate dedicated guest connections.

All access points and all connections (including guests) are administered from the same Devicescape Enterprise-Managed AP Administration Web pages.

Administrators GuidePreviousNextIndex