Guest Wifi - Email Verification

MOTAT
Comes here often

Guest Wifi - Email Verification

At present we manually provide a PSK to Guest wifi users.  This is being shared with people that it should not be and I am going to have to change the password now.  But I know the same thing will happen.

So I am wanting a way of managing who has access to Guest Wifi but making it very easy for BYOD staff and Business Guests to get access to Guest wifi.

Is there a mechanism that is easy for business guests and BYOD staff that IT could add an email address that would send a "Guest" an email and automatically provide access on their device to the Guest Wifi?

Or is there another process that provides easy setup access to Guests?

7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal

What about sponsored guest mode?

https://documentation.meraki.com/MR/Encryption_and_Authentication/Sponsored_Guest

 

Splash Access (a third party solution) also have a cool guesyt access system that changes the PSK every day and you print out a QR code for guest to scan to access WiFi.

https://www.splashaccess.com/portfolio-item/cisco-meraki-nfc-and-qr-code-authentication/

PhilipDAth
Kind of a big deal
Kind of a big deal

kYutobi
Kind of a big deal


@PhilipDAth wrote:

What about sponsored guest mode?

https://documentation.meraki.com/MR/Encryption_and_Authentication/Sponsored_Guest

 

Splash Access (a third party solution) also have a cool guest access system that changes the PSK every day and you print out a QR code for guest to scan to access WiFi.

https://www.splashaccess.com/portfolio-item/cisco-meraki-nfc-and-qr-code-authentication/


I agree with @PhilipDAth I have tested sponsored guest mode and has worked well for what its purpose.

Enthusiast
MOTAT
Comes here often

Can this be done by locking down to a specific email address instead of a whole domain?

Thanks

PhilipDAth
Kind of a big deal
Kind of a big deal

I don't think so.

SoCalRacer
Kind of a big deal


@MOTAT wrote:

Can this be done by locking down to a specific email address instead of a whole domain?

Thanks


Directly I don't think so, but you could allow it for the entire domain. Then on your email side block email that comes from these sponsored guest requests to all email addresses except the one you want to be used.

SoCalRacer
Kind of a big deal

Another option I have seen with this is using the API to change the Guest password daily. Then you can send an email or post to a collab tool so the correct people have the password each day.

 

Also you could restrict access to session time like 1-8hrs. If employees are using the wifi and not supposed to that is an option. Last option is start blocking known mac address that are not supposed to be accessing it. In general with security I feel that making it too time consuming or difficult to access will deter most users/offenders.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels