Private WLAN - secure it, but allow "guest" access

2

I'm trying to get my NetGear WNDR3300 wireless access point to do the following:

  • basically be as secure as possible; WPA2-PSK security level with a long passphrase, hiding the custom SSID (not the default "netgear") and so forth (even thinking about filtering by MAC address)

  • but also allow some kind of a "guest" access for when a friend is here and would like to use the WLAN - without divulging the actual passphrase for accessing the WLAN as such

Is that even possible? If so: how? I'm a programmer - not a sys admin - so this stuff is all a tad foreign to me :-) Any thoughts, ideas, approaches are most welcome!

marc_s

Posted 2010-07-24T21:29:08.277

Reputation: 1 408

MAC address filtering does nothing; just sayin'. – squircle – 2010-07-24T21:33:19.703

Filtering by MAC is more security by obscurity. Same with hiding the SSID. MAC addresses can be spoofed easily. As to the guest network thing, there are 2 basic options: buy a new router that has guest network capabilities, or find a crappy old router, set it up as an AP with an easy-to-remember password for guests and just turn it on when they are over. – Unfundednut – 2010-07-24T21:50:02.587

1) A really long CAT-5. 2) 3rd party firmware. DD-WRT does hotspots and supports this model. Too bad the native firmware doesn't do this, even though it does allow multiple SSIDs. – hyperslug – 2010-07-24T21:57:46.733

    This doesn't do exactly what you want, but if your router supports it, you can connect computers to the router using Wi-Fi Protected Setup. Basically, you just tell the guest computer to connect to the WAP, and then push the button on the router, so you don't have to type in a long passphrase. (However, by the nature of WPA2, it shares your passphrase with the computers that connect.) Re: hidden SSID and MAC filtering, I'm not an expert but from what I've heard they're not more secure and just make it more difficult for you/guests to connect. WPA2 + good passphrase is sufficient. – Stacey Hanson – 2010-07-24T22:07:00.907

    Yeah, this router does have an implementation of WPS they call Push-N-Connect. But your buddy could fish up your password later on with Nirsoft's WirelessKeyView. – hyperslug – 2010-07-24T22:34:59.263

    SSID hiding is useless and just annoying. We have AirSnort for that. As for MAC filtering, that's a little more secure, but for a dedicated person it's easy. @Wil's idea is pretty good – TheLQ – 2010-07-25T06:11:17.410

    Answers

    2

    This is not possible on standard residential grade equipment (from the big manufacturers).

    I have seen a few unknown brand cheap routers that allow you to set up multiple wireless connections, but it is very rare to find other than on expensive business grade equipment.

    The easiest thing you can probably do is to purchase a cheap second-hand router, disable routing and DHCP, then use it as an access point and simply turn it on whenever you have a guest visiting. I think this method will also give the best security, as I have my doubts about a few of the cheaper brands that do offer multiple connections.

    William Hilsum

    Posted 2010-07-24T21:29:08.277

    Reputation: 111 572

    Apple's Airport Extreme base stations do guest networking — they're residential grade. – Jeremy L – 2010-07-24T23:12:44.167

    It's not typical of standard residential equipment, but it does happen and it's not exactly uncommon either. – Joel Coehoorn – 2010-07-25T03:35:01.633

    Hm, I had no idea they started including guest modes. Just found a D-Link DIR-655, Belkin N+ F5D8235 and an iLinksys, I mean Valet. Cool. – hyperslug – 2010-07-25T13:44:52.073