Lab 9: Configuring and Securing a Guest Network

After you help L-Mart enhance 802.11 securities by implementing a Employee WLAN with

EAP-FAST and a Guest WLAN with web authentication, you manager is concerned with the

guest users accessing the corporate data. Guest users who visit L-Mart are normally temporary

visitors who need to access the Internet ONLY. These guest users are not trusted employees and

the guest wireless network should be contained and isolated from the trusted portion of your

network. The guest will log in by using the username and password from a browser connection

on the remote laptop, after the guest login, she or he can only use Internet and cant access any

trusted portion of L-Mart network.

The manager asks you to set up a simple pilot network in the lab environment to test the theory.

Before you begin the implementation, you are asked to give a short presentation to answer the

following questions:

1. What is guest WLAN?

2. Why to separate/segment guest traffic logically from internal enterprise traffic?

3. What is the topology of your design?

4. What is the IP addressing and VLAN design?

5. What is your proposed solution to allow the guest only access the Internet?

Your manager would like to see the following screenshot in the Wireless LAN Controller when

the guest client connecting to the AP through web authentication.

After the guest login, guest can use Internet ONLY. The guest can NOT get access to the trusted

portion of the corporate network. One way to test it in the lab environment is that after the guest

login successfully, guest cant ping any Wired and Employee networks, but DNS should still

work. Because Guest need to use DNS service to get access to the Internet.