Security Mechanism for user access to Single SSID WLAN

¹ Dongguan Branch, Institute of High Energy Physics, Chinese Academy of Sciences, Dongguan Guangdong 523808, China
² Spallation Neutron Science Center, Dongguan Guangdong 523808, China
³ Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China
⁴ University of Chinese Academy of Sciences, Beijing 100049, China

^* e-mail: wangli320@ihep.ac.cn
^** e-mail: xiams@ihep.ac.cn
^*** e-mail: qfz@ihep.ac.cn

Published online: 16 November 2020

Abstract

Wireless local area network (WLAN) technology is widely used in various enterprises and institutions. In order to facilitate the use of users, they often provide a single SSID access point, resulting in different identities of users authenticated and authorized can connect to the wireless network anytime, anywhere as needed and obtain the same accessible network resources such as bandwidth, access control (ACL) and so on. Multiple SSID can solve the problem but it will be confused to users who don’t know which SSID can be connected. Although we could prevent visitors from accessing intranet resources by isolating the wireless network from the internal network, this would make it impossible for users to use the wireless network for internal office work. In this paper, we propose an access control system that grouping users according to the different identities and users authenticated and authorized can access different network resources because a wireless access point dynamically maps an SSID provided by a mobile station to a BSSID based on a VLAN assignment. The deployment experiment of the solution proves that users of different identities accessing the same wireless network can set different access policies, which effectively improves the security of the wireless network and simplifies the management of the wireless network.