Guest access is an essential part of WLAN deployments these days. From an average user to technical users, when they are traveling, dining, attending business meetings and/or conferences, etc; users are always looking for Wi-Fi access and how to use it. Network operators, engineers have to think about Wi-Fi Guest access early on during the define phase of the project. Someone has to define it, design it, configure it and then support it. Supporting Wi-Fi Guest access in some environments can be cumbersome. No one wants to take ownership of it and/or it gets pushed into a Best Effort, “we will get to it” bucket.
Years ago, I was operating a wireless network with Guest Access and every time we needed to set up vendor/guest access; we were required to create those accounts, send the credentials to the users. Wi-Fi Guest access setup should be easy, require less or no interaction from operators, and from the budget standpoint, I should not have to purchase multiple systems to make it work.
We often have guests at our house for family gatherings. First thing everyone asks is the Wi-Fi password. Trying to give a password to 20 to 30 people and help them connect is annoying when I am trying to cook. This made me look more into Mist Dashboard for Guest Access Solution. My inspiration comes from the following article: Public Wi-Fi – Fast, Free and Easy.
These were my design goals:
- Separate VLAN for the guest traffic.
- Guest network can’t access any other networks.
- Don’t want to pay for any other system/service
- Easy configuration
- Guest can self register
- Guests can self approve
- SSID Schedule
- Ability to advertise on specific APs
- Completely Disable/Enable the SSID easily
- I know I am asking for too much.
Putting it all together in Mist Dashboard:
NOTE: I will not go over the basic steps of creating the SSID but focus on the Authorization piece.
Under Security, choose “Open Access” and assign the necessary VLAN:
Guest Portal:
Because of all my requirements, I needed to customize the guest portal.
Following section is for the initial sign up. My goal was to allow users to self register and self approve. “Customize Label” and “Customize Layout” allow additional customization; I may discuss them in another post.
“Authorization” is the key component. There are multiple options there, but based on what I was doing, I picked “Sponsored Guest Access”. Multiple domains or a single domain can go under “Sponsor authorized domains”. Hit “Ok”, “Save” and that is it. Took a min to do all this.
All this work in action:
Time to connect to this Guest SSID and see it in action.
Once the portal page comes up, guest(s) can enter their information and request Wi-Fi access. This will simply send them an email
Guests can simply open up their email client and approve the request:
Summary:
I could have set this up to approve it myself by including my domain name only, but I did not want to have to do that. This is a really great feature that is available already and does not require any additional hardware and software/licensing. I am thinking enterprise with BYOD struggles. No one wants to manage those devices and have to deal with approving the requests. I can have the BYOD users self-register,self approve their access; it will be restricted to the domain users.
Can the domain field use a wild card or regex?
Use case would be something like *.edu.au to allow students or teachers from other institutions access to a custom Conference or Event SSID.
Good question, looks like wild cards aren’t allowed for sponsored access.