News Stay informed about the latest enterprise technology news and product updates.

What happens if you remove an acceptable use policy from guest Wi-Fi?

Requiring users on guest Wi-Fi to agree to an acceptable use policy (AUP) keeps lawyers happy, but it's far from user-friendly. Here's what happened when one IT pro removed his.

LAS VEGAS -- One thing stood between George Stefanick and his vision for wireless: an acceptable use policy.

Users know it as the bothersome webpage full of legalese that pops up after logging onto a guest Wi-Fi network, requiring them to click "confirm" to access the network. It's unclear how effective an acceptable use policy (AUP) is in deterring malicious activity, but AUPs certainly make legal departments happy -- and that's what usually keeps them cemented in place.

This is the story of one network engineer who pushed back and succeeded, albeit with some dramatic consequences.

Stefanick, a wireless network architect at Houston Methodist Hospital, believed the AUP page on his guest Wi-Fi was holding back the network's potential.

"Wi-Fi should be free, it should be open, and it should be a courtesy to our customers," said Stefanick during a presentation he gave at the Interop trade show this week in Las Vegas.

The entire Houston Methodist network actually consists of seven hospitals, a research institute and several outpatient facilities. Its largest facility, Texas Medical Center, processes over 300,000 outpatient visits a year, more than 61,000 emergency room visits and over 36,000 admissions, according to the hospital's website.

And yet while about 15,000 clients connected to the hospital's internal wireless LAN on an average day, only 3,000 clients were connecting to the guest Wi-Fi network, Stefanick said.

It was clear to Stefanick the AUP page had become an obstacle with few benefits. He was, after all, securing the guest Wi-Fi with tools that monitored traffic for signs of suspicious behavior. So when a colleague asked Stefanick last December to name the one wireless initiative he would've liked to have accomplished before the end of the year, it didn't take him long to figure out the answer.

"It was a pipe dream, but I said, 'I would really like to have a wide open guest network  --  meaning, no acceptable use page,'"he said. "The acceptable use page was, to me, kind of useless. It brought on more problems than it was worth."

He made the case to the hospital's chief technology officer, who succeeded in getting executive buy-in and approval from the legal department to remove the acceptable use policy in late December. Many employees had taken off from work for the holidays, so it wasn't until a week later that they saw the effect on the guest Wi-Fi.

That's when things got a little crazy.

The number of clients connected to the guest Wi-Fi skyrocketed from 3,000 to 15,000 -- bringing the total load on the hospital's guest and internal wireless networks to 30,000 clients. In the blink of an eye, there were five times as many devices requesting access.

The consequences of rapid growth

The consequences were immediate. The DHCP server ran out of addresses. Stefanick realized his subnets were too small. His firewall could no longer support the number of address resolution protocol (ARP) requests coming from so many devices.

Initially, Stefanick wasn't sure how or why the guest network had grown so much and so fast. "[Users] didn't just discover that we had Wi-Fi overnight -- the Wi-Fi was there," he said.

He deduced that the mobile devices themselves might have something to do with it. Stefanick soon figured out that when users would leave Wi-Fi enabled on their smartphones and tablets, those devices would automatically try to connect to the guest Wi-Fi network whenever they came within range. The device would immediately hit the AUP page and, unless the user noticed and intervened, the device would drop off the network.

Once the guest network was completely open, however, all of those smartphones and tablets connected to the guest Wi-Fi without incident.

The network issues caused by such rapid growth were easy enough to fix, Stefanick said in an interview after the session. He broadened his DHCP scopes, expanded his subnets and updated his firewalls. Additionally, the move didn't create a bandwidth shortage. Stefanick noticed the guest Wi-Fi devices consumed another 50 megabits -- far below what he expected.

"What we can attribute that to is opportunistic updates -- cloud syncing and app updates," he explained.

And while the move to eliminate the AUP page created short-term challenges, Stefanick said he has no regrets when he considers the long-term benefits. During his presentation, he described a 15-year-old patient who was in the hospital for two months awaiting an organ transplant. She entertained herself with her mobile devices -- an iPhone, an iPad and a laptop. Stefanick gave her his personal cell phone number and urged her to call him if she experienced problems with the network.

"Her way out of the [hospital] was the Wi-Fi," he said. "I realized then it's not a wireless guest network anymore. It's a lifeline for a lot of people."

Dig Deeper on Wireless LAN (WLAN)