Wi-Fi has become a basic necessity in today’s world be it at work, schools, universities, hotels etc. Everyone wants wireless access wherever they go and wireless network admins are trying to make this happen. While they do want everyone to get wireless access they do not want to give every client complete access to the network or access to full bandwidth.
How are network admins tackling this issue?
Wireless network admins are creating multiple WLANs and providing access according to the end user.
Corporate Workplace– Network admins typically configure 3 WLANs in Corporate workplace environment- Corporate WLAN, BYOD WLAN, Guest WLAN.
- Corporate WLAN– Typically configured as an 802.1x WLAN such that the devices associate the WLAN with end user’s AD credentials. 802.1x with AAA override is typically configured such that desired VLAN and ACL can be assigned to the client to regulate network access. This WLAN is meant for work devices to associate and hence network admins typically don’t configure and bandwidth throttling on this WLAN.
- BYOD WLAN– Network admins configure this WLAN for employees to associate their personal devices. A separate VLAN is created for this WLAN and is allowed access only to the internet and denied access to company’s internal data. The bandwidth on this WLAN is often throttled.
- Guest WLAN– Network admins configure this WLAN for guest users and is mostly configured with a Splash page/WebAuth. The clients can get wireless access by accepting to the terms and conditions mentioned on the splash page. The bandwidth on this WLAN is throttled. Either a separate VLAN is configured or the clients are configured to get an IP address in NAT mode (Cisco Meraki) such that they cannot access anything on the network.
Schools/Universities– Network admins typically configure 3 WLANs in educational institutes- Staff/Student WLAN, Guest WLAN, eduroam.
- Staff/Student WLAN– Similar to the Corporate WLAN above, this WLAN is typically configured as an 802.1x WLAN such that the devices associate the WLAN with end user’s AD credentials. 802.1x with AAA override is typically configured such that desired VLAN and ACL can be assigned to the client to regulate network access. This WLAN is meant for Staff/student’s studying devices to associate and hence network admins typically don’t configure and bandwidth throttling on this WLAN.
- Guest WLAN– Network admins configure this WLAN for guest users and is mostly configured with a Splash page/WebAuth. The clients can get wireless access by logging into their personal emails or social media accounts. The bandwidth on this WLAN is throttled. Either a separate VLAN is configured or the clients are configured to get an IP address in NAT mode (Cisco Meraki) such that they cannot access anything on the network.
- Eduroam– Network admins configure this WLAN such that visiting students and faculties can get seamless internet access. To understand more about how eduroam works visit this page.
Hotels– Network admins typically configure 2 WLANs in Hospitality environment- Corporate WLAN, Guest WLAN.
- Corporate WLAN– Hospitality chains often configure their corporate WLANs with 802.1x authentication but restaurants and coffee shops might be configured with PSK based WLAN.
- Guest WLAN- Network admins configure this WLAN for guest users and is mostly configured with a Splash page/WebAuth. The clients can get wireless access by logging into their personal emails or social media accounts. The bandwidth on this WLAN is throttled. Either a separate VLAN is configured or the clients are configured to get an IP address in NAT mode (Cisco Meraki) such that they cannot access anything on the network.
blogscisco.com 