5 best practices for guest Wi-Fi access

Mauro Rizzi
February 13, 2018

Pay attention to security, bandwidth and application visibility when rolling out a wireless network upgrade

Upgrading your wireless network requires a lot of attention. Although there are many ways to configure and use Wi-Fi, best-in-class organizations should apply these five strategies to get the most out of their networks.

1. Predict changes

There’s nothing riskier than a Wi-Fi network that is left unattended. Over time, people are added, moved, or replaced. Desks and other furniture in the environment change. A wireless network that isn’t maintained to keep up with these changes degrades over time and provides less-than-exceptional service to users.

However, the chipset power embedded into each access point allows today’s wireless LAN (WLAN) infrastructure to be very fault-tolerant. A good WLAN can survive the loss of access points and the addition of new ones. Radio interference would be proactively managed minimizing the effect. All complex configurations and dynamic management of radio channels would be addressed in every AP.

2. Use intelligent wireless products

Gone are the days when you had to manage and configure each wireless access point manually and separately. The tedious job of continuously adjusting power levels, channel assignments or enabling hot spare APs has gone the way of the Dodo bird.

Today’s distributed intelligence Wi-Fi technology can handle mobility, keeping an IP address and connection alive while a user on a VoIP call walks between rooms, floors and even buildings. You should invest in a Wi-Fi network that not only handles mobility, but also handles all kinds of traffic including voice and video conversations, document and screen sharing and team collaboration with a bunch of people working on the same document at the same time.

3. Understand the application and prioritize

In most networks, as soon as the WLAN network is turned on, every smartphone in the building is automatically connected to the network. These devices continue to consume bandwidth, even when no one is using them. Add to that applications working in the background (such as automatic backup, software updates, application updates, voice recognition software) and you end up with a wireless network near capacity without a single active user!

The solution isn’t to prohibit casual use. It is to make sure that mission-critical applications, (such as VoIP/unified communications, video collaboration, document sharing, transaction processing, and business uses), get priority over non-business and casual use. Look for Wi-Fi solutions that provide application visibility and control, such as the Alcatel-Lucent OmniAccess® Stellar wireless portfolio, so you can throttle bandwidth depending on specific rules, automatically and dynamically.

4. Develop a guest access policy

Supporting guest access is generally a given in today’s enterprise wireless installations. Guests commonly have a legitimate need to connect to the Internet while visiting an organization. Although some road warriors may use alternative technologies, such as 4G or LTE to bypass local Wi-Fi networks, it is important to plan if and how other guests will connect to the organization’s WLAN.

Of course, these guests shouldn’t require much access to anything inside the normal enterprise network — printing, perhaps, being the occasional exception. Therefore, securing connections to ensure that guest users do not gain elevated privileges is important.

Common alternatives, such as requiring guests to preregister Media Access Control (MAC) addresses or obtain a temporary user name and password, tend to be cumbersome and should be avoided. One bad result of a guest policy that is poorly developed or difficult to follow is that staff members might spend valuable time trying to get their visitors logged on to the wireless network. Or, even worse, a staff member might share his access with a guest to connect directly to the internal wired network to bypass issues with the guest access rules and process.

Guest policies must balance requirements for accountability and prevention with the goal of making it simple and quick. There are a lot automated systems able to deliver this, however the best and most secure way to get this done is to have an intelligent WLAN system which understands when a guest connects, throttle the bandwidth depending on the application used and tunnel the traffic up to the router for the internet connection.

5. Maximum security from the beginning

Security has always been very important especially when dealing with wireless networks. There are various methods today to build it, however the best would be to have NAC (Network Access Control) not only for WLAN but for LAN users as well. One single point of management can guarantee the highest level of access security no matter the type of connection (wired or wireless) NAC meshes well with wireless deployments because the wireless authentication standard — known as Wi-Fi Protected Access 2 (WPA3 is currently under development, considering the recent vulnerabilities found in WPA2) uses 802.1X, which is a convenient method for passing NAC information between clients and servers. There are many network management systems that streamline and minimize the complexity from a NAC deployment for the network infrastructure.

These are the five basic rules to follow for providing users with the best experience while keeping the administrator happy with short and relatively simple configurations. The network infrastructure itself will take care of the most cumbersome and boring tasks needed for the optimal operation of the network infrastructure.

For more information about an access point solution that addresses these issues, read about the Alcatel-Lucent OmniAccess Stellar WLAN solution

Mauro Rizzi

Mauro Rizzi

Network Business Development Director, Alcatel-Lucent Enterprise

Mauro joined ALE in 2009 to support the Central Mediterranean Countries with his presales skills and abilities. He then took the challenge to move to the position of business developer for the SEMEA region and visited quite a lot of customers around the globe and especially in Africa. Mauro is currently in charge of the development of the ALE networking business through the assistance and support in the roadmap definition and evolution. He supports the development of the marketing assets for inbound and outbound campaigns and special, dedicated programs meant to enable partners to be able to sell more and get more out of the solution proposed by Alcatel-Lucent Enterprise.

Mauro graduated as an Electronic Engineer from the University of Brescia and then achieved an MBA from University of Padua. Mauro Rizzi, 38, is a fitness and technology lover

About the author

Latest Blogs

NIS2 EU Cybersecurity Directive: EU-wide legislation.
Security

NIS 2: ALE takes action on cybersecurity

ALE implements effective measures to protect critical operations and ensure compliance with EU cybersecurity regulations.

a man and a woman looking at a phone
Digital Age Networking

Preparing for Wi-Fi 7: Five Key Steps for a Smooth Transiti…

Is your network ready for Wi-Fi 7? Here are five steps to help prepare.

woman using mobile phone with tall buildings in the background
Government

Creating a better world through sustainable architecture

Smart buildings use IoT, OT and IT to minimize environmental impact and make our lives more convenient and pleasant.

a person holding a phone
Rainbow

How certifications create transparency and protect your data

Certifications are good indicators to understand how your data will be protected

Chat