Meraki

Community

Prevent employees from using guest WIFI

martinrboyd
Conversationalist
‎Oct 24 2024 8:49 AM
‎Oct 24 2024 8:49 AM

Prevent employees from using guest WIFI

We use the Sponsored guest login for our guests. However, our employees are connecting their cell phones to the guest network as well. Is there a way to prevent our users from connecting? Like can we only allow certain users to be able to authorize the guests instead of all users?

0 Kudos
4 Replies 4
mlefebvre
Building a reputation
‎Oct 24 2024 9:31 AM
‎Oct 24 2024 9:31 AM

When you configure sponsored guest login you have to configure it by email domain, and everyone from that domain has the ability to authorize, so the only way to do this natively is with a secondary email domain. What I would recommend instead or even with that solution is to have an SSID that your staff are permitted to connect their cellphones to that is direct to the internet only and perhaps limit the bandwidth on it if that is a concern. If you have WiFi for guests it is a pretty reasonable expectation in the modern workplace that your employees have it as well. If your employees feel you are being overly restrictive without good reason they may continue to try to circumvent or turn to shadow IT and that can be more risky, cost you more in time and resources and be generally problematic in the long run.

DarrenOC
Kind of a big deal
Kind of a big deal
‎Oct 25 2024 12:53 AM
‎Oct 25 2024 12:53 AM

I personally don’t see the harm in your staff using the Guest SSID from personal devices.  Just as long as that SSID can’t access internal resources what’s the issue? 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
martinrboyd
Conversationalist
‎Oct 25 2024 5:13 AM
‎Oct 25 2024 5:13 AM

Its an old school company that does not want employees to waste time on their phones. Thank you for the information. 

GreenMan
Meraki Employee
Meraki Employee
‎Oct 25 2024 5:54 AM
‎Oct 25 2024 5:54 AM

One trick I've found, to at least discourage employee use of the Guest SSID:   make (true) Guests actually authenticate to access.   Then require them to re-auth regularly.  Because they'll probably only do it once or maybe twice for a brief visit, it's not too much of an inconvenience to them.   But for employees who are there very regularly, it will become a pain and they will most certainly use a different, more appropriate, more friction-free approach if you provide them with one.   Something like Trusted Access or maybe iPSK, for examples.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.