Lab 9: Configuring and Securing a Guest Network
After you help L-Mart enhance 802.11 securities by implementing a Employee WLAN with
EAP-FAST and a Guest WLAN with web authentication, you manager is concerned with the
guest users accessing the corporate data. Guest users who visit L-Mart are normally temporary
visitors who need to access the Internet ONLY. These guest users are not trusted employees and
the guest wireless network should be contained and isolated from the trusted portion of your
network. The guest will log in by using the username and password from a browser connection
on the remote laptop, after the guest login, she or he can only use Internet and cant access any
trusted portion of L-Mart network.
The manager asks you to set up a simple pilot network in the lab environment to test the theory.
Before you begin the implementation, you are asked to give a short presentation to answer the
following questions:
1. What is guest WLAN?
2. Why to separate/segment guest traffic logically from internal enterprise traffic?
3. What is the topology of your design?
4. What is the IP addressing and VLAN design?
5. What is your proposed solution to allow the guest only access the Internet?
Your manager would like to see the following screenshot in the Wireless LAN Controller when
the guest client connecting to the AP through web authentication.
After the guest login, guest can use Internet ONLY. The guest can NOT get access to the trusted
portion of the corporate network. One way to test it in the lab environment is that after the guest
login successfully, guest cant ping any Wired and Employee networks, but DNS should still
work. Because Guest need to use DNS service to get access to the Internet.