Embed Size (px)
Citation preview
12
Guest Internet AccessIn a campus, there are various types of end devices like PCs, smartphone and tablets that require Internet access, and some peripherals like printers or fax machines that don’t support Web authentication also need network connection. In addition to the devices, there are also many user types in a campus: students, teachers, roaming academic network users and guests. All the roles result in a complicated matrix in which different users and devices need to be flexibly authenticated to get proper privileges toward the network resources.
Solution Wi-Fi Wireless Access
Wireless is now the majority and the first choice for students
and guests alike to connect to the network. The ZyXEL
WLAN controller function supports multiple SSID and can
be mapped with different settings with VLAN, Wi-Fi security
and authentication options. For example, students, teachers
and other academic users can authenticate with the
regional central server to obtain resources even when they
are traveling; the smart phones or tablets with awkward
screen keyboards can adopt MAC authentication to simplify
the process. With these features, ZyXEL solutions can realize
comprehensive access management of Wi-Fi users.
Peripherals and Equipment
Devices like printers, IP phones and IP cameras should not
be simply connected to the IP network without proper
management. Instead, traffic hacking and data leaking from
these devices should be prevented. Take IP camera as an
example: as it uses multicast to deliver traffic and could be
hacked from the LAN, access policy for those devices should
be enforced on the switches they connect to. To solve the
difficulty that these devices don’t support Web-based
authentication, MAC authentication provided by ZyXEL
switches ease the concerns by allowing only the devices
matching the stored MAC addresses to connect.
Guest Users
For guest visitors who mostly use Wi-Fi to temporarily access
the network, the Wi-Fi controller can generate dynamic
guest accounts to grant temporary access. In addition the
controller has a Web-based authentication portal for guest
users to log in. Guest list and activities can also be logged for
monitoring and management.
Application Benefits Providing easy steps to setup and create guest accounts
and to manage and store identification information Regulating guest traffic through the internal network Auditing and monitoring guest usage and activities,
including login and logout times
13
QR Code Authentication
Captive Portal
NWA5123-AC802.11ac Dual-Radio Uni�ed Access Point
GS2210-24HPLayer 2 Managed Switch
GS2210-24Layer 2 Managed Switch
GS2210-48Layer 2 Managed Switch
GS2210-8HPLayer 2 Managed Switch
GS3700-48Layer 2+ Managed Switch
NXC5500Wireless LAN ControllerPublic Area
Computer Lab
Administrative O�ce
NWA5123-AC802.11ac Dual-Radio Uni�ed Access Point
MACAuthentication
MACAuthentication
Dynamic Guest Account
802.1x
51
49
PWR1
PWR2
SYS
ALM
MAST
GS3700-48
10/100/1000Base-T Port (1-48)
12 3
4 56 7
8 91110
12 13 14 1516 17
18 1920 21
2322
2415 26 27
28 2930 31
32 333534
3637 38 39
40 4142 43
44 4547
4648
1G SFP Port (49-52)
5052
MGMT
CONSOLE
STACK ID
Fax/Printer
AAA Servers
