NSRC / EVENT SPONSOR
[Main Page](../index.html "Main Page")
# Unifi Wireless Network Security The goal of this exercise is to set up security features of Wi-Fi networks on Unifi. ***Only one member of each group will using a controller.*** ## Wireless Networks Settings Click the gear icon at the lower left to enter settings - as you did in the VLAN setup lab. Wireless Networks is the second menu option in Settings. ![Wireless Networks Settings](../images/unifi_wireless_networks_setup.png) Your list of networks should look like this: ![Configured Wireless Networks](../images/unifi_configured_networks.png) If you don't have these networks, please go back to the WiFi Networks Setup Lab and complete it before proceeding. ## Setting up WPA-PSK2 on the Faculty and Student Networks We'll set up WPA Personal Security for the Faculty & Student network. You know from our lectures that this is only rudimentary security as it is easy for personal keys to be shared from person to person. - Click the Edit button to change each network - Change Security to "WPA Personal" - Use the security key "8888888888" (that's ten eights!) for the Faculty Network - Use the security key "7777777777" (that's ten sevens!) for the Student Network ## Hiding an SSID & Setting a MAC Filter for Infrastructure We don't want anyone to know our temperature gauges, air conditioners, light sensors, and humidity monitors are using the same Wi-Fi network as everyone else. We also don't want anyone inadvertantly discovering the SSID and trying to attach. So In addition to setting up WPA-PSK2, we'll also hide the SSID, and we'll restrict access to the network via MAC address. - Click the Edit button to change the Infrastructure Network - Change Security to "WPA Personal" - Use the security key "9999999999" (that's ten nines!) for the Infrastructure Network - In the Advanced Options menu, Hide SSID - In the Advanced options menu, Enable the MAC Filter. Don't add any MAC addresses yet ## Setting up a Guest Network We'd like to keep an open network for guests, but with a captive portal authentication. It should only be available during business hours. - Click the Edit button to change the Guest Network - Enable the Guest Policy - In Advanced Options, enable WLAN schedule - Change the sliders appropriately. Your configuration should look like this: ![Guest Network Configuration](../images/unifi_guest_network_configuration.png) Captive Portal is set up through the Guest Control tab. Click the tab and enter the configuration screen. ![Guest Control Configuration](../images/unifi_guest_control.png) - Enable the Guest Portal - Choose Hotspot authentication - Give your hotspot a Title - Enable welcome text - Enable terms of service - Customise your portal with a logo and backgroudnd image
## Connect to the networks Use your cellphone or spare laptop (the one not running the controller) to check if the networks are working. Connect to each and note the IP address and gateway of each. Find a partner from another group. Connect to the guest network. Can you ping each other's devices? (Does your device respond to ping?)