2

My apartment building is changing internet providers, and the new provider plans to install a network that will have a single SSID for the entire building. Each tenant will be given a unique password that is supposed to make it so each unit is separated on the network from every other unit. For comparison purposes, our old internet provider gave each unit a unique SSID.

One of the "benefits" of the change is that we should be able to access Wi-Fi anywhere in the building without switch from our "home" network to a guest network. However, it seems to me that putting everyone under the same SSID could be a security and privacy issue.

My question is therefore: is it possible to have a single SSID + multiple password network setup where each user is securely isolated from other users, and are there any extra precautions recommended for such a setup?

bigreddmachine
  • 121
  • 2
  • 2
    While it is possible for it to be secured, trusting that it is secured is a different question. I'm not sure you would easily be able to test it legally without getting permission from the provider to play around with it. If you could, attempting something like a port scan to see what other devices are exposed could be a good idea. – KHobbits May 29 '20 at 00:23

1 Answers1

3

Yes, it is possible if you are using 802.1x for authentication. The RADIUS server can specify a VLAN for the user/port. If it is different for each user then the router can have ACLs that prevent inter-VLAN traffic or simply not route between them.

Mark Wagner
  • 17,764
  • 2
  • 30
  • 47
  • 2
    While not concrete method of identification, there is a good chance, that in these situations you would be given different subnet ranges for each VLAN. If I was put in the same situation, I'd likely try connecting two devices on the same credentials, and seeing what IP addresses I was assigned. I would then compare with a different set of credentials. Ideally I would then see if I could ping or communicate with other IP addresses belonging to different credentials. – KHobbits May 29 '20 at 00:26