Router question

[DocYoda]

I have an AC68u Asus Router. What I want to do is have a wireless internet for the people in the office and restrict other people from entering the internet. Having a WPA2 key for logging in to the internet to people who are supposed to use the net but I want to prevent other people who was just given the passwords. Any tips on how to do this? will mac address filtering do the thing? I want specific devices to be connected to the network and monitor traffic. TIA 
 

[Simon771]

mac filtering will do just fine

also hide your ssid.

[DocYoda]

Thanks. Will try that. Btw, how do I connect to the network if ssid is hidden lets say for example Ive just got a new device?

[mynameisjuan]

4 hours ago, DocYoda said:

Thanks. Will try that. Btw, how do I connect to the network if ssid is hidden lets say for example Ive just got a new device?

Most the time below the list of SSIDs you will see other networks or manually add. Just type it in and you are all set. 

[NZLaurence]

How much of a problem is this for you as you mentioned its for an 'office'.

 

Basic solution is Mac filtering. Its a pain, and not very secure. 

 

If its a real problem look for a device that supports personal psk's. These will likely be more enterprise devices but allow you to have one SSID and give out a unique password to each person. They can use that password on all their devices but not share it or you can limit one device per password. When a staff member leaves, disable their password only. Also you can normally get a report on how many times that password is being used.

When I deployed these I would make the password a random 30-60 character long string and get them to copy and paste it in. Works great for sites with contractors.

[DocYoda]

5 hours ago, NZLaurence said:

How much of a problem is this for you as you mentioned its for an 'office'.

 

Basic solution is Mac filtering. Its a pain, and not very secure. 

 

If its a real problem look for a device that supports personal psk's. These will likely be more enterprise devices but allow you to have one SSID and give out a unique password to each person. They can use that password on all their devices but not share it or you can limit one device per password. When a staff member leaves, disable their password only. Also you can normally get a report on how many times that password is being used.

When I deployed these I would make the password a random 30-60 character long string and get them to copy and paste it in. Works great for sites with contractors.

 It's a real problem in the office, actually its a hospital research lab. I dont believe that the AC68U Asus AC1900 router is enterprise level. I would like that suggestion where there is one SSID and unique passwords to each person and use it to only to their specific devices. Could you shed a bit more light to personal psk? Thanks

 

btw, are you referring to this --> http://www.enterprisenetworkingplanet.com/netsecur/article.php/3916561/Implement-WPA2-Enterprise-Encryption-on-Your-WLAN.htm

[NZLaurence]

When we were deploying medical clinics we were using the Aerohive devices. I can highly recommend them for situations where you need to provide access but still retain control.

 

A typical deployment was something like this:

Fibre/VDSL->Cisco Router->Cisco SG300P or SF300P PoE Switch->1-6x Aerohive Routers

 

We would create separate Vlans on the Cisco router and Switch for clinic computers/contractor access and staff cellphones/guest users.

 

On the Aerohives we would create two SSIDs, one for "Clinic" and one for "ClinicGuest".

ClinicGuest would be open with a captive portal showing user acceptance policy. Users would be limited to 256k each and 500mb traffic. It was on a schedule that only ran when clinic was open. Also blocked porn, and some other stuff.

Clinic would have Private PSK's with it dropping the devices into the right Vlan based on the key.

 

The Aerohives are not cheap, but let us do the captive portal thing and block stuff (legal reasons), and the private PSKs as there was a high turnover of contractors so they wanted to be able to have them use the internet at full speed but only some are allowed access the local network and be able to revoke access on a per contactor/device or set an expiry date on the access.

 

We would also deploy 1-6 aerohive devices depending on the size of the clinic as they did seamless handoff between them and all acted as one big network.

You need to buy the units and a hiveAP licence. The licence is for the cloud based management portal and warranty. They will not work without this license.

 

I believe ruckus also do all of this?

 

For details on the private PSK look at http://www.aerohive.com/solutions/technology/ppsk.html

 

It will come down to how much of a problem you are trying to solve, right tool for the right job. But sometimes that needs a budget.

 

Have a look and if you want more info hit me up.