Solutions

Home Solutions - Visitor Access

Secure Guest Wifi Access

Secure guest access has proven to be popular with enterprises as a way of providing customers, vendors, consultants, and other corporate visitors with Internet access. This is offered as a convenience and a way to make the meetings or engagements at corporate as productive as possible, with the guests able to access email or websites during their visit.

With these benefits come concerns regarding the ease of use, security, and legal liabilities of the guest access system. Wireless LANs are a natural fit to provide this access as organizations don't need to provide Ethernet connections in every location, users do not need to bring cables, and today virtually all laptops ship with integrated wireless networking. However, there are also concerns that these guest users should not have any access to sensitive corporate resources and that they should abide by the company's terms of use for Internet access.

The cooperative control architecture from Activeprism addresses all of these concerns with a simple and flexible approach. Corporate guests can associate with a guest-specific SSID and be assigned the default policy for the SSID. Or they can associate with the more granular user profile-specific policies based on attributes supplied by RADIUS if guest user credentials are supplied. The access points present guests with a captive portal web page that captures and logs information about them and requires them to accept the company's terms of use before being given access to the Internet. Guest traffic can be isolated in one of three ways:

  • SSID settings and policies for guest access can assign users to a guest VLAN
  • Access points can tunnel their traffic directly to the Internet DMZ
  • Security and QoS policy enforcement are performed at the access point for the guest user. This may optionally be used to restrict guest access to only the Internet or other authorized resources, limit their bandwidth, and prevent layer 2 through layer 4 denial-of-service (DoS) attacks that could otherwise consume valuable air time and resources