Prevent employees from using guest WIFI

martinrboyd
Conversationalist

Prevent employees from using guest WIFI

We use the Sponsored guest login for our guests. However, our employees are connecting their cell phones to the guest network as well. Is there a way to prevent our users from connecting? Like can we only allow certain users to be able to authorize the guests instead of all users?

4 Replies 4
mlefebvre
Building a reputation

When you configure sponsored guest login you have to configure it by email domain, and everyone from that domain has the ability to authorize, so the only way to do this natively is with a secondary email domain. What I would recommend instead or even with that solution is to have an SSID that your staff are permitted to connect their cellphones to that is direct to the internet only and perhaps limit the bandwidth on it if that is a concern. If you have WiFi for guests it is a pretty reasonable expectation in the modern workplace that your employees have it as well. If your employees feel you are being overly restrictive without good reason they may continue to try to circumvent or turn to shadow IT and that can be more risky, cost you more in time and resources and be generally problematic in the long run.

DarrenOC
Kind of a big deal
Kind of a big deal

I personally don’t see the harm in your staff using the Guest SSID from personal devices.  Just as long as that SSID can’t access internal resources what’s the issue? 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
martinrboyd
Conversationalist

Its an old school company that does not want employees to waste time on their phones. Thank you for the information. 

GreenMan
Meraki Employee
Meraki Employee

One trick I've found, to at least discourage employee use of the Guest SSID:   make (true) Guests actually authenticate to access.   Then require them to re-auth regularly.  Because they'll probably only do it once or maybe twice for a brief visit, it's not too much of an inconvenience to them.   But for employees who are there very regularly, it will become a pain and they will most certainly use a different, more appropriate, more friction-free approach if you provide them with one.   Something like Trusted Access or maybe iPSK, for examples.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels