Re: Q about VLAN's and IAS

From: "Robert L. \(MS-MVP\)" <blinNoEmailPlease@xxxxxxxx>
Date: Mon, 21 Apr 2008 12:47:17 -0500

In our case, yes, we do setup DHCP server for each VLAN.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Mike in Nebraska" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message news:%230tjdR9oIHA.2292@xxxxxxxxxxxxxxxxxxxxxxx

That doesn't sound too difficult. One question about #7 .... did you have to create DHCP scopes for each VLAN?

Mike

"Robert L. (MS-MVP)" <blinNoEmailPlease@xxxxxxxx> wrote in message news:eQvO4t8oIHA.3804@xxxxxxxxxxxxxxxxxxxxxxx
I haven't got a chance work on D-link wireless and VLAN. This is what we do.

1. All equipments are Cisco AP, switch.
2. Setup windows IAS.
3. We have 3 level wireless: wireless LAN for the employees using VLAN 100, wireless for student VLAN 200 and wireless for public VLAN 300.
4. The wireless LAN integrate with IAS so that we can use WPA enterprise and it manage the wireless connecting based on the users' domain IDs.
5. The student wireless uses WPA2 to manage the security
6. The public Wireless is not security setup.
7. Forgot to mention, you need to configure the port connecting to the AP as VLAN trunk.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Mike Webb" <mikewebb@xxxxxxxxxxx> wrote in message news:uvf0uh0oIHA.2268@xxxxxxxxxxxxxxxxxxxxxxx
Current platform: SBS 2003 Premium, 2-NIC configuration, SOHO router, L2/L3
switch (a D-Link DES-3828). Software firewall: ISA 2004 SP2.
==============
Desired end-state;
(1) Secure wired LAN that prevents unauthorized devices from obtaining an IP
address.
(2) Access for staff via wireless that prevents unathorized devices from
obtaining an IP address.
(3) Internet only access for guest/visitor wireless devices.

Available wireless devices:
(1) a mix of D-Link AP's (DWL-2200AP's and DWL-2100AP's) - all VLAN-capable
(2) wireless router (D-Link DIR-524)
(3) Unmanaged switch (D-Link DES-1024D)

References I've read:
(1) MS paper: "Deploying Windows Server 2003 Internet Authentication Servcie
(IAS) with Virtual Local Area Networks (VLANs)"
(2) MS Press book: "Deploying Secure 802.11 Wireless Networks with Microsoft
Windows" I also have the 2008 update to it.

Question: Can I implement VLAN's and IAS if only the wireless devices are
VLAN-capable?

My wired devices do not have 802.11q NIC's in them. Only the switch and the
AP's do. I work for a small non-profit in a very rural area of Nebraska, so
the security may be overkill. However, we have a fair amount of visitors
and guests that need intenet access. My goal is to provide it with the
least hazard to our LAN.

I've prowled the internet for quite a while and not been able to get the
specific answer on the above. Unfortunately, the admin guide for the switch
does not provide enough information, and I can't get their tech support to
really help either.
I think I know how to set this up, in general, but not the specifics on how
to tie it together and make it work. My thinking is to create 3 VLAN's -
one for the wired, one for the staff via wireless and the last for
guests/visitors. I could then use the references above to create the
policies needed and setup IAS, but I don't know how to isolatethem in DHCP,
nor do I know whether a rule/policy (or two) is needed in ISA Server to
complement IAS.

I can provide more info if you have questions.
I would very much appreciate any all advice/comments on this subject; it may
help solve the problem, and I'll certainly learn from it.

Mike

Follow-Ups:
- Re: Q about VLAN's and IAS
  - From: Mike in Nebraska

References:
- Q about VLAN's and IAS
  - From: Mike Webb
- Re: Q about VLAN's and IAS
  - From: Robert L. \(MS-MVP\)
- Re: Q about VLAN's and IAS
  - From: Mike in Nebraska

Prev by Date: Re: Q about VLAN's and IAS
Next by Date: Re: Domain Controller takes a long time to boot up
Previous by thread: Re: Q about VLAN's and IAS
Next by thread: Re: Q about VLAN's and IAS
Index(es):
- Date
- Thread

Relevant Pages

Re: REPOST: DSL/Networking Help
... You don't specify how you will be using the wireless ... This page has a *great* overview of how to setup ... already for networking and DSL but need help with ... Just got my SBC DSL package with a 2Wire 1701 HG ...
(Debian-User)
Re: 3 PC SOHO Network setup problem
... As I say below, my setup should ... >>so security on the wireless side is not a major concern. ... no PC has an internet connection other than through the router. ... > only by the Guest account, which means this computer will be open to anyone. ...
(microsoft.public.windowsxp.network_web)
Re: Wireless EAP Problem
... We setup Enterprise WPA2 with IAS as authentication. ... Any domain users just logon their domain user IDs without configuring computer certificate. ... Since sensitive patient info is sent over the wireless network it is essential that the communications be highly secure. ... I can easily change to PEAP in the remote access policy for IAS. ...
(microsoft.public.windows.server.networking)
Re: OT- slightly-signal jamming
... | I need to pick the brain of the collective genius ... The terms 'band' and 'music' are used only | for clarity, not because they represent accurate description. ... I'm pretty sure they are using | wireless setups. ... setup, what keeps them from going to a wired setup? ...
(rec.crafts.metalworking)
Re: Questio about Wi Fi
... I see you're one of the people that doesn't yet realize that "wireless networking" and "wireless Internet" are VERY different things. ... What I think you want is to be able to use the wireless networking features of your laptop to share your Internet connection with your desktop, in which case you need a wireless router to send out a signal that your laptop can understand, when configured properly. ...
(comp.sys.laptops)