HQ and Capus Branch Offices Teleworkers & Micro-Branches Guest Access

Secure Guest Wi-Fi Access

Secure guest access has proven to be popular with enterprises as a way of providing customers, vendors, consultants, and other corporate visitors with Internet access. This is offered as a convenience and a way to make the meetings or engagements at corporate as productive as possible, with the guests able to access email or websites during their visit. 

With these benefits come concerns regarding the ease of use, security, and legal liabilities of the guest access system. Wireless LANs are a natural fit to provide this access as organizations don't need to provide Ethernet connections in every location, users do not need to bring cables, and today virtually all laptops ship with integrated wireless networking. However, there are also concerns that these guest users should not have any access to sensitive corporate resources and that they should abide by the company's terms of use for Internet access.

The cooperative control architecture from Aerohive Networks addresses all of these concerns with a simple and flexible approach. Corporate guests can associate with a guest-specific SSID and be assigned the default policy for the SSID. Or they can associate with the more granular user profile-specific policies based on attributes supplied by RADIUS if guest user credentials are supplied. The access points present guests with a captive portal web page that captures and logs information about them and requires them to accept the company's terms of use before being given access to the Internet. Guest traffic can be isolated in one of three ways:

  • SSID settings and policies for guest access can assign users to a guest VLAN
  • Access points can tunnel their traffic directly to the Internet DMZ
  • Security and QoS policy enforcement are performed at the access point for the guest user. This may optionally be used to restrict guest access to only the Internet or other authorized resources, limit their bandwidth, and prevent layer 2 through layer 4 denial-of-service (DoS) attacks that could otherwise consume valuable air time and resources.
  • Aerohive's unique cooperative control architecture and cooperative control APs can deliver this level of flexible identity-based policy without the need for a centralized controller and in networks as small as a single access point. This significantly reduces the cost and complexity associated with providing this service to non-employees working within the enterprise.

    Cloud-Enabled Enterprise Guest Management

    Aerohive's ID Manager is the first enterprise guest management system to leverage the cloud to simplify and automate the deployment and maintenance of enterprise guest management.

    Aerohive simplifies guest management by combining industry-leading authentication integration with the Aerohive Cloud Services Platform to eliminate the need for any additional hardware or software to deliver a scalable, simple-to-administer enterprise guest management solution that streamlines the on-boarding of visitors. Whether required at a single site or over a globally distributed, multi-lingual company, ID Manager’s cloud-enabled flexibility and simplicity provides a complete solution for every site.

    Learn more