Guest network inside company network
Hi All,
I have AirPort Extreme 4th generation which is configured inside company network to give access to internet and internal network for our emplyees. Right now it is working in Bridge mode and just forwards packages from wi-fi clients to DHCP server or whatever they need. I need to configure Guest netwotk to allow only access to internet but not to internal network.
Is it possible to do when AirPort connected to internal router or switch but not to ISP?
Is it possible to do when AirPort connected to internal router or switch but not to ISP?
Not in the way that the AirPort was designed to operate as a device connected directly to a simple modem, making it a "main" router handling DHCP and NAT services.
It is not possible to say whether you might be able to set up the Guest Network function and have it operate correctly.
If you want to try, you need to perform a Factory Default Reset on the AirPort and then configure it to act as a router handling DHCP and NAT services.
That may create DHCP conflicts since you already have another device handling DHCP on the network....and any devices on the "main" network there receiving DHCP from your server will not be able to "see" other devices on the AirPort network, since they will not be on the same subnet.
it will definitely create a Double NAT issue, which will tend to slow down things a bit on the AirPort network.
The bottom line is that you will be breaking some basic network rules if you try this. Whether or it will work cannot be known until you try it out on your own network.
If you have strict network security procedures, the hypothetical setup above is not going to pass when the inspectors come around.
Similar Messages
-
Cannot connect to secure guest network
My company is pushing more of our work content to the iPad2 via internet connection to databases, etc. I work in a hospital as a vendor. The hospital has a guest network setup that requires authentication by providing your email address and accepting their terms and conditions. For a few months I had no issues connecting with the company provided iPad2. For the last month, I have not been able to get connected. I can work on my 3G connection, but most places I go in the hospital do not allow a 3G connection. The iPad sees the guest network, and is connected as indicated by the blue check mark. Additionally, my Android phone and Windows XP laptop connect with no problem.
The information the ipad is pulling from the router is:
IP Address: 172.22.80.149
Subnet mask: 255.255.255.0
Router: 172.22.80.4
DNS: 192.168.16.8
IP address is set to DHCP. HTTP Proxy is OFF. Auto-join and Auto-login are both on. I've tried it with Auto-login turned off too. The error message I get in Safari is: 'Cannot verify server identity. Safari cannot verify the identity of "securelogin.arubanetworks.com".'
I've tried forgetting the network and renewing the lease. I've tried resetting network settings. The hospital's IT department doesn't provide support. Currently my company's IT department is baffled.
The iPad is running iOS v5.0.1. Ipod touch CAN get connected by seeing the authorization screen, agreeing to terms and providing email.
Can anyone please help?!Scott, welcome to the discussions!
First make sure your Radio Mode is set to "802.11n (802.11b/g compatible). The titanium powerbook is probably a "g" or "b" device so you need this setting for compatibility.
Sounds like the titanium powerbook cannot handle WPA/WPA2 security settings. Try WEP and see if that will work.
WEP is not nearly as secure, but you may need to accept that compromise if you want the titanium powerbook to work on the network.
Post back on your progress. -
Guest network and multiple VLANs
Hello all,
I have installed a pair of 5508 controllers in our network. One controller sits inside the network and APs are configured to associate with that controller. The second controller sits on a DMZ interface off the ASA. I have a guest network configured and it works great. I would like to configure additional guest networks at remote locations. Each guest WLAN will have it's own SSID. Is it possible to map all of these to the same VLAN? Or do I need a seperate VLAN and subnet for each SSID.
ThanksScott,
Thanks for the reply. I have created different SSIDs and mapped them to the same VLAN. Everything looks good but I'm getting some strange behaviors on the new SSIDs. It appears that users don't authenticate but I've verified the credentials quite a few times. I wanted to make sure that you could map multiple SSIDs to the same VLAN before I continued troubleshooting. -
Connecting to guest network with iPhone ios5
After upgrading to iOS 5 my iPhone doesn´t work on the guest network on my Time Capsule (It connects, but internet won´t work). The reason seems to be that the assigned IP is not in the range defined for the guest network (but rather in the ip-range for my main network). Both my Macs and ipads get the right ip-address. I`ve tried this with 3 different iphones.
All phones worked on the guest network before upgrading, and still works when I connect to my main wi-fi network.Did you perform a full power cycle and reset of your modem as follows?
Push the reset button on the modem
Power off the modem
Pull the battery if it is easily accessible
Power down all other devices on your network, order is not important
Wait 30 minutes ( It sometimes takes even longer for the equipment back at the cable company to fully reset so that it will issue you a totally new fresh connection. The cable company will never admit this.)
Reinstall the battery if you pulled it from the modem
Power up the modem and let it run by itself for 3-4 minutes
Start up the AirPort Extreme and let it run for 3-4 minutes so that it will fully associate with the modem
Start each device up on the network one at a time about a minute apart
Check for operation. -
hi all,
we running an iPad pilot within our company and I'd like to use the internal wifi guest network. the guest network is using a loghin page with userid and password and a little checkbox to accept the terms.
when i connect with the ipad (and iphone as well) and fill in the required fields it nicely connects. but after sleep or a reboot it keeps coming with the login page and needs the uid/pw/checkbox. I can make the ipad remember the uid/pw and it fills them in the login page but it keeps wanting the checkbox.
there should be some automatic protocol to auto login so I connect to the company wifi just like it is at home (i know, wpa2 at home is completely different, but for the end user is isn't
is there an option somewhere in Iphone config util? Can I pre-deploy guestnetworks with ipcu?
anyone?
cheers,
emielThis is not an iPad / iPhone issue. This is an issue with the way the network is configured in regards to authentication.
Just a guess, but I'm betting you don't have the cooperation of the IT department in this venture, do you? If you have a separate, secure internal network, You may be able to convince them to allow the iPads access to that network instead. The fact that you're trying to use the guest network tells me that IT either doesn't know about this or has prohibited their use on the company network.
That, or the company contracted out the configuration of the network and no-one knows how to get around it.
This wouldn't by chance be a hotel, would it? -
I cannot connect to guest network.
Hi
My Guest network looks OK inTC, but just hangs when I try to access it from my iPhone.
Also my TC screen seems 'blocky' when redrawing and there is no screen with stars!
I'm on Yosemite with a new TC and a new iMac 27"
Please can anyone help? Ive rest the system about 6 times but no difference....!
StuartI have a cable feed to the property into the cable company's router. From there, a network cable into the TC, and then a feed from the TC to the iMac.
That means the TC is in bridge mode and you cannot use guest wireless.. it looks like you can but it actually will not work. Therefore the iphone must connect to the main wireless network.. OR if your cable router is wireless .. most are.. use that for guest wireless network.
As I said, the computer is wired in- my printer is wireless.
But your iphone is using wireless. Only you cannot use guest in your setup.. so use wireless as explained above.
There is a big issue now between Yosemite, iOS 8 and the Airport router.
See the background to this here.
Problems in wireless with yosemite.
AWDL
https://discussions.apple.com/thread/6693499
http://help.apple.com/deployment/ios/#/apd8fc751f59
For that reason I want you to stop the TC from being able to swap channel at 2.4ghz.. whenever it wants to..
The setting is under wireless options.
Change from Automatic, to 11, 8 or 6, in that order.. as they tend to be less used.. 1 and 6 actually are the most overused.
In my previous iMac and TC , the "enter time machine' instruction had a black space background. The current one is blobs of blurred colour which goes into blocky squares when I move the mouse over it.
Ahh.. I see. I will have to boot my one computer that runs yosemite.. I have been keeping it turned off as it causes network havoc.
I might get Bob to comment as he is running Yosemite as main OS now.. and it might be plain sailing for him. -
Wireless Guest network config question
Hello,
I have installed SAP2602I access points at my customers location and configured a corporate network and a guest network. Everything works fine except when a user is connected to the guest network, they cannot access a web server that is hosted internally. Users on the guest network can access any other web-site fine, just not the one hosted by this same company on a local machine. This locally hosted web-site can be accessed by users from the Internet just fine.
I am guessing there is an issue with routing but I am not sure what, any ideas?
Thanks,
Mitchell Smith
North Texas NetworksHi Steve,
Thanks for your reply. I am sure the problem is a hair pinning issue as the firewall config does not allow connections to the outside address from internal clients.
Can you give me a sample config to make this work? Is it just a firewall mod or more than that?
Thanks,
Mitchell -
Guest Network Printing - Best Practices?
I've installed a new 5th Generation Airport Extreme and turned on the Guest Network option.
After trying to get my network printer working when logged into the Guest Network, I came to this Support Forum to figure out what I was doing wrong. Thanks to the expertise of a number of forum members, especially Bob Timmons, I learned that network printing from the Guest Network is not supported via the Airport Express and Airport Utility.
Now, with that said and understood: what are the options for printing when logged in to the Guest Network? As I see them:
1. Emailing files/USB stick swapping
2. Moving the Guest computer to a a printer and connecting directly via USB cable
Are there other options that I'm overlooking?
Any and all thoughts on this are welcomed.Thanks Bob,
It's taken me a few months and a change of ISPs (from ATT to Charter) but I'm back on this now.
I did buy a wireless HP printer with wireless interface. I've attached it to the 5th Generation Airport Extreme Guest Network SSID, but cannot get a computer also connected to the Guest Network SSID to print or even see the HP printer. This includes a Mac with OSX Lion, New iPad, iPhone 4s, and company Dell running Windows 7. I've even tried to add the the printer via IP address manually both to the Mac and the Dell to no avail; even with the specific IP address the error msg says the printer isn't detected on the network.
When I connect to the 5th Generation Airport Extreme normally (not the Guest Network) all is well and printing is no issue on any of these computers, including the Dell (which is actually the one that will be dedicated to the Guest Network / HP wireless printer on the Guest Network.
I suspect there's some very key fact I'm not aware of, and hoping that you know exactly why this is not working.
Many thanks in advance. -
Can a Time capsule be used to provide internet on a guest network but with no access to my files ?
I was recently given a brand new 3TB time capsule.
I would firstly like to partition the drive if possible ? to store films and some old photos etc
I would then like to create a private network for myself with access to the time machine back ups and the partition with my films and photos in
I Would then need to create a guest network for my house mates to use with access solely to the internet and none of my files. is this possible ?
Also, if this is not possible,would it then be possible to plug in an external hard drive to the time capsule (containing my films and old photos etc) and access these files wirelessly on my network ? but also stop my guests from accessing these files over their network ?I would firstly like to partition the drive if possible ?
It is possible in theory, but not easy in practice, and it will void the warranty on the Time Capsule if you attempt to do this. In general, you would need to open up the Time Capsule, remove the hard drive, place the hard drive in a separate enclosure or caddy, connect it directly to your Mac, and use Disk Utility to format the drive. Then, you would need to reinstall the drive back in the Time Capsule and hope that everything works.
Instead of partitioning, you might want to take a look at setting up one or more disk images on the Time Capsule using Disk Utility. This would allow you to reserve a certain amount of space for data and set up a password that users would need to type in before they could access the data inside the disk image.
I would then like to create a private network for myself with access to the time machine back ups and the partition with my films and photos in
The default setup of the Time Capsule will allow you to create a wireless network using a name and password that you want to use.
I Would then need to create a guest network for my house mates to use with access solely to the internet and none of my files. is this possible ?
Whether or not this is possible will depend on the type of modem that you will be using with the Time Capsule. The Guest Network feature can be enabled if you will be using a simple modem with the Time Capsule. Something like this, for example:
However, the Guest Network feature was not designed to work correctly with a modem/router or gateway. Something like this, which is often furnished by Internet Service Providers to their customers:
See the difference? One is a simple modem that only provides an Internet connection to an outboard router, like the Time Capsule. The other device is a modem/router or gateway, which is really two products.....a modem and a router.....in one package. The Guest Network feature was not really designed to work with this type of product, so it may or may not work if you try to use it with this type of device. Getting to work will involve trying to bend the rules.
Also, if this is not possible,would it then be possible to plug in an external hard drive to the time capsule (containing my films and old photos etc) and access these files wirelessly on my network ? but also stop my guests from accessing these files over their network
Yes, this actually might the simplest way to accomplish what you want to do. Make sure that the drive is formatted correctly for Mac in Mac OS Extended (Journaled) using Disk Utility and then use AirPort Utility to set up a password to access the drive. Only give the password to those who you want to have access to the drive. -
Recommended setup of WSA for guest network
I am currently implementing a WSA in a Cisco ASA environment. For all internal devices I use WCCP (the WSA is on inside from the firewall perspective).
However, in the environment there is also a guest network terminating on a DMZ of the firewall. Because of the limitiations in ASA I cant use WCCP for this traffic.
Which is the recommended approach to "proxify" the guest users internet traffic? If possible I want to avoid proxy settings in the devices since this is a network with unknown device types. Also, I want to avoid proxy auto-discovery for the same reason.
what do you recommend?
Best regards
JimmyHi Jimmy,
One option is to seperate a guest network by using a seperate subnet rather internally rather then have the guests on the DMZ. Then you may setup an identity based on that subnet. Once you have that identity setup add it to a access policy and define which categories you would like to block, monitor or allow. Remeber when you allow a category the WSA will not use its scanning engines for example, WBRS Web Reputation Score, Webroot or Anti Virus. This will allow you to seprately control the guest network through the WSA. This is the most common setup which I see often.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator -
Guest Network reappeared after firmware update- Can't delete it.
I'm running a wireless network from my 1 TB TimeCapsule, with Firmware 7.6.3, which was updated today. I'm not sure the firmware version previously. Before a move to a new state, I'd previously run a guest network. When I got new internet service here after the move, the telephone company supplied a wireless modem, on which I turned off its wireless mode, and shared its internet to the Time Capsule via ethernet (on the TC: Connection Sharing = off - Bridge Mode). And Airport Utility no longer let me have the ability to set up a guest network.
I came to understand that is typical, and actually was persuaded this was better (not splitting bandwidth, etc) per this discussion and others: https://discussions.apple.com/message/18673654#18673654.
Now, today, after this firmware update, suddenly my previous guest network has reappeared, with the same security key that I'd programmed into it in another state. However, I'm not able to do anything about it!! There's no access to it via Airport Utility! I think I'd like to turn off the guest network. But I'm intrigued by the possibility of having the ability to turn it on again.
Any ideas?As I'm trying to scan a few threads (with time I don't really have),
ex: https://discussions.apple.com/thread/4785878?tstart=0
it looks like this firmware was to support a higher version of Airport Utility (6.1), explicitly with extended guest network support. I'm guessing my problem, with an older version of Airport Utility, is one of those unexpected collateral damage issues. A way to go back in firmware is mentioned on the 2nd page of that thread:
Briolet
Re: airport firmware 7.6.3
Feb 8, 2013 6:47 AM (in response to Neil Atkinson)
About downgrading the firmware. On Airport Utility v5.6 it is simple. I am at the moment on 2 Snow leopard computers.
In the menu of the utility, choose "load Firmware..." thats all. It seems only to know the previous used firmwares. I skipped 7.6.2 and that is also not available. Also, on my newer Snow leopard computer I only can choose between 7.6.1 and 7.6.3, while on my other Snow leopard computer I also can in addition choose 7.6 and 7.5.2 versions. Apparently they are stored in the libraries of the local computer.
There is an other option to load other firmware, but than you get a dialog were to look for it.
Would you recommend this? -
I cannot add a Wi-Fi guest network. Gone to Utilities>Airport Utilities and all I get is an image/browser of my Airport Extreme. Looking for the browser window which has the title Wireless but cannot find anywhere. What am I doing wrong?
Open AirPort Utility. The first screen looks something like this:
Click on the AirPort Extreme and another screen will appear. Click Edit, then the window with the Wireless tab will appear.
If you do not see these screens, you will need to start over and configure your AirPort again. -
Airport Extreme 802.11AC + 5th Gen and guest network access
I have the current gen Airport Extreme 802.11AC with a 5th Gen extending the network. With this setup, I am unable to login using our guest network setup. I have tried using guest network with a password and one without but its the same results. When a guest logins, it stuck attempting to login with no error messages.
So is it possible to have this configuration and still have guest network access?Please review what I said originally.......that the guest network function on the AirPort Extreme is designed to work with a simple modem......so the AirPort acts as the main router for the network..
Another way of saying the same thing is that the AirPort needs to be "in charge" of your network for the guest feature to work correctly. The AirPort cannot be in charge if it is connected to another device that is already configured to be the main router on your network.....your Actiontec modem/router.
The Actiontec device combines the functions of a separate modem and a separate router in one package. This type of device is known as a modem/router, or also known as a gateway.
Some folks call a modem/router or a gateway......a modem. So, things can get confusing.
I do not know if it is possible for the Actiontec device that you have to be configured to act as a simple modem.....so the routing functions of the device are completely turned off. (Turning off the wireless on the Actiotec does not turn off the routing function).
If you turn off the wireless on the Actionec, it becomes a modem and a wired router. And that wired router is still in charge of your network.
The guest network feature will not work correctly unless the AirPort is in charge of your network.
My suggestion was for you to ask your Internet Service Provider (ISP), if they could supply you with a simple modem. That is all that you need. You don't need two routers....and the Actiontec that you have now is not allowing the guest feature to work correctly. -
Cascading EA4500s and Guest Network access
Hi, I hope esomone can help me here. I've got two EA4500 routers connected via ethernet. The primary router has DHCP enabled and the secondary has it disabled. IP address of primary is 192.168.1.1 and the secondary is 192.168.1.2.
I have set up guest access on both routers however only the primary router allows users to connect. When out of range of the primary router but in range of the secondary router the network is visible but when you try to connect to it, it only gives limited or no connectivity message and can't connect to the internet.
Is it possible for the guest network access to follow the same pattern as the secure network, i.e. the same network throughout the house?
Regards
JonCascading two routers should have correct parameters set. For instance, the Ethernet port of the secondary router should be connected to the ethernet port of the primary one, and the DHCP should be disabled on the second router. The ip address you've set are correct for the both routers. This thing shoud be done if the connection is LAN to LAN.
By the way there are two types of cascading: Click here for info!
For the Guest Network:
Guest Network would only work if the the DHCP is enabled on your router. It means to say that on the type of setup you're doing which is LAN to LAN (DHCP disabled on the second router), Guest network would not work on the secondary router. If the connection is LAN to WAN, then both of the router should have Guest Network working. -
How do I configure Guest network to access ethernet wired printer?
I have a wired/wireless network with a new dual band AEBS. The AEBS is connected to a Cisco router, which in turn sends it's connections to various wall-plates in our home. One HP 4110 printer is wired via it's ethernet port, one Mac Mini (OS 10.6.2) is hard wired also. The dual band AEBS 5 GHz network is used for our newer laptops, and the 2.4 GHz network is used for a G3 Firewire PowerBook (now don't make fun... it was the best there was at one time) running OS 10.4.11.
The PowerBook cannot access the printer that is hard wired via ethernet cable to the network. How do I get the PowerBook on the "Guest" network to access the printer?
I tried searching these discussions, but can't find an answer to my specific issue. Any help is appreciated.Since you have a simultaneous dual-band AEBS, why not connect your PowerBook G3 to the non-Guest 2.4 GHz network created?
Can I take an AEBS that is a couple of years older (I have a couple of the flying saucers around here somewhere), wire that to an available ethernet port on the LAN, and then connect the older PowerBook G3 to that older AEBS wirelessly?
Sure
If so, will that arrangement slow down the entire system?
No
If that won't work, and I connect the PowerBook G3 directly to an ethernet port, will that slow down the other wireless computers?
Yes you can connect your PowerBook G3 via Ethernet. That would have no effect on the wireless computers.
Maybe you are looking for
-
Can't use store: "The store may be busy"
I often get this message on a work computer: Could not complete the iTunes Store request. The store may be busy. Check your Internet connection or try again later. The error occurs randomly. Internet connection is always fine when it occurs. Any sugg
-
How to cancel and redo a service confirmation?
Here is the scenario (Service management): A Service confirmation has been created with status "Completed". As a result the status of the originating service order is set to "Confirmed" (standard behavior). Say the confirmation data was wrong and pos
-
The Real Question, Sharing iMovie With iDVD?
With iLife 08, sharing to iDVD was a pixelated mess when played back on a DVD player. They stated that they changed this I think? Is this true? Does iMovie 09 share with iDVD like iMovie 06 to iDVD results?
-
The iphone could not be restored. an unknown error occurred 1015
Hello everyone, After upgrading to ios 4, my iPhone 3GS is stuck recovery and I am asked to restore it. However the operation cannot complete since at the end I get an error message that " the iphone could not be restored. an unknown error occurred 1
-
Where i can dowload camera Raw 8.8 because update don't rub on Light room 5 or CC2014
HI where i can dowload camera Raw 8.8 because update don't rub on Light room 5 or CC2014?? Thanks Samsam