Date: Wed, 6 Feb 2013 11:29:48 -0800 From: Kurt Buff <kurt.buff@gmail.com> To: freebsd-net@freebsd.org Subject: Guest network on corporate LAN - options for security Message-ID: <CADy1Ce7nw0EKjDndZsdgiA9u8q%2BKkskc0=91MVZ4pcAZ-Ogddg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
All, If this isn't the right list for this, please let me know. Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. Does anyone have ideas on how I can leverage that FreeBSD box to control this? It's not the firewall for the VLAN - it's simple a machine sitting on the subnet. What I've read of captive portals seems to indicate that the portal is part of the firewall, which will not be the case here, as the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Thanks, Kurt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADy1Ce7nw0EKjDndZsdgiA9u8q%2BKkskc0=91MVZ4pcAZ-Ogddg>