Granting temporary access to wireless network...

Discussion in 'Mac OS X Server, Xserve, and Networking' started by pprior, Jan 6, 2010.

  1. pprior macrumors 65816

    Aug 1, 2007
    I have people over who need temporary access to my network. Generally it's my son's friends who want to game on it with him. This would be via wireless. We do have a mini server running for backup of files, and my computers all are set up through it, be we do not restrict domain access via the server.

    Yesterday I just entered our network password onto a friends computer so he could log in, but then when he left, he still has our profile in his computer so I had 2 concerns:

    1) can he somehow reverse lookup the password I entered and know it?
    2) obviously if he is within range, he has access to our network.

    What is the best way to handle this? I am using airport extreme units for access, but not the lastest one with dual band for guest access (and as i understand it, guest access would allow internet, but not contact with our own network computers anyway).

    Ideally I could assign a temporary account which would self disable in a set amount of time and the person would no longer be let on. Or if I could create a different access and password, which I could then replace without having to modify all of OUR computers.
  2. sjinsjca macrumors 68020


    Oct 30, 2008
    Maybe someone else will have a better idea, but my thought is that much depends on what kind of router you have. IIRC, my D-Link DIR-655 allows me to set up a secondary "guest" WiFi network. I could change the password to that whenever warranted without having to reset the password in all my family's WiFi-connected devices, which adds up to about a dozen PCs, Macs, iPhones and printers-- a big hassle to update all that!

    Another possibility is to have a second cheap router connected via an ethernet cable to your existing router. This second router would be reserved for guest use. But this might involve some headaches related to setup, DHCP behavior, responsiveness (since you mention gaming), application compatibility (some apps such as MS Exchange are picky about NAT traversals) etc. Might be worth a try if you have an old WiFi router to play with.

    Perhaps there's something else you could do related to allowing only specific MAC IDs to log into your current router, but MAC IDs are easy to spoof so that wouldn't be terribly secure.

    Or just have your guests connect via an ethernet cable rather than WiFi. That's what we do-- we have a nice long 50-foot cable spooled up behind our router for guest use.
  3. elfxmilhouse macrumors 6502a

    Oct 15, 2008
    Northeast USA
    can the airport do MAC address filtering?

    I always use this feature on my wireless routers so even if someone knows the SSID and WPA key they can't connect again unless they spoof an already approved MAC or I add them to the list.
  4. Consultant macrumors G5


    Jun 27, 2007
    I guess MAC filtering would be the easiest way, although that's one more step.

    Perhaps ethernet cable for guests or a separate wifi access point / password.

Share This Page