IPIQ: Custom Installer Tips: How to Set Up a Secure Guest Network
In today’s connected world, we want Internet access everywhere we go. Because of this demand there is a growing trend in both residential and commercial networking to offer free connectivity to visitors. The challenge seems to be doing so without compromising the integrity and security of the network. However, setting up a guest network that provides visitors with reliable connectivity—while keeping the private network secure—is actually much simpler than it may seem. With a little training and the use of the right tools, installers can easily deliver secure guest networking services to their residential and commercial customers.
What is Secure Guest Networking?
Secure guest networking is a method of providing a shared network connection (can be wired or wireless) that allows users to connect to the Internet while keeping them isolated from your private home or office network. There are different methods for providing this secure network, the two most common of which are: 1) Virtual Local Area Network- (VLAN) based; and 2) Router-based. Both methods have unique advantages depending on the environment in which it is being implemented.
How Do VLAN-based and Router-based Secure Guest Networks Differ?
The biggest difference between these two methods essentially comes down to the size of the network. A small home or business can most likely use a wireless router with built-in secure wireless guest networking provisions (such as the Luxul XWR-1750 shown in Image 2). However, for larger homes and businesses with multiple wireless APs or the requirement for a wired guest network, the use of VLANs is recommended.
Benefits of Router-based Guest Networking:
• Easy setup—most routers that support secure guest networking have a simple configuration that is easy to setup with minimal time and effort
• Robust and secure—both private and guest networks are on different IP subnets
• Only one device needed—with this option you only need a wireless router that supports guest networking
Benefits of VLAN-based Guest Networking:
• Multiple guest network connections can be supported—secure guest networking can be implemented across multiple APs and/or Ethernet drops
• Robust and secure—802.1q VLANs isolate all traffic on the private and guest networks
• Scalable—as your network grows, VLAN-based secure guest networking can grow also
Router-based Secure Guest
Router-based secure guest network setup is typically rather simple. First, set the SSID (or wireless network name) for both the private and guest networks. Then, determine what type of security will be needed for each network. For obvious reasons, you will want to enable security on the private network. For the guest network, however, you may choose to leave it open or you can add security. Once you have made these determinations, simply walk through the setup in your wireless router for both the private and guest networks.
VLAN-based Secure Guest
VLAN-based secure guest networking requires more planning and configuration. When implementing this method, first determine how many VLANs will be needed on the local network. In our configuration example on this page, we will use two—one for the private network and the other for the guest network. Secondly, make sure all devices (i.e. switches, APs, routers) used in the network support 802.1q VLANs (typically, any unmanaged device does NOT support 802.1q VLANs). Third, determine if the guest network will include wireless and/or hardwired options. In our configuration example, we will use only wireless guest connections.
1. Set the SSID (or wireless network name) on your AP for both the private and guest networks. Then, determine what type of security will be needed for each network. For obvious reasons, you will want to enable security on the private network. For the guest network, however, you may choose to leave it open or you can add security.
2. Enable VLAN settings on the AP. Set the wireless SSIDs to their corresponding VLAN ID. For our example, we will use VLAN 1 for the private network and VLAN 2 for the guest network.
3. On the managed switch, create VLAN 2 (VLAN 1 is typically already created and active) and set the port connected to your AP as a VLAN trunk port and as a member of VLAN1 and VLAN2 (connecting a device as a VLAN trunk port allows the port to be a member of multiple VLANs). Now, set the port connected to your router as a VLAN trunk port and as a member of VLAN 1 and VLAN 2.
4. Enable VLAN settings on the router. Create VLAN 2 on the router (VLAN 1 is typically already created and active) and set the port connected to your managed switch as a member of VLAN 1 and VLAN 2.
Secure guest networking provides a secure, flexible and reliable way to offer visitors easy access to the Internet while protecting valuable private data. With more devices connecting us to the Internet, there is an increased and growing demand for providing such connectivity to guests in both residential and commercial networks. Offering secure guest network setup via VLANs or with a wireless router that supports this functionality is one more service that installers can easily offer that adds even more value to their customer installations.•