Re: Wireless network w/ SBS

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

In article <#25RIaS$GHA.1128@xxxxxxxxxxxxxxxxxxxx>,
rkircher@xxxxxxxxxxxxxxxx says...

Thanks Owen, that cleared up the issue and I have my first client connected.

Actually, Dave Nickason answered that question!

So in review. To set up a client the first thing I need to do is join the
PC to the domain via a wired connection, then setup the wireless connection,
and then disconnect the wired connection to test proper wireless
connectivity. Correct?

Correct. The initial wired connection is required so the GPOs can push
out the computer certificate and configure the NIC for the SBS network's
SSID.

The brings me to my next question. Lets say I have a guest come with a
laptop and wants simple access to the internet via the wireless connection.
Is there a easy way to provide them access while still preventing others?

This is one of the most common questions I get. I should probably
discuss it at greater length in my docs. There is a brief mention of
this on the Sample Network Diagrams appendix page in my text doc
(specifically, the "Sample 2-NIC" diagram). The skinny is:

You cannot give a guest access to the secure network without joining the
guest's computer to your domain, which you normally do not want to do.
However, there are [at least] three ways to provide guest access.

For a 1-NIC SBS:

[a] See the note at the upper left of the "Sample 2-NIC" diagram. This
is a great approach but it does require a good firewall appliance, so
you're probably looking at a cost of ~US$200 or more. For example, a D-
Link DFL-200 (or DFL-700 for larger networks) can be configured with a
"public" WAP connected to its DMZ jack. The appliance must be able to
provide DHCP service to the DMZ without having to do so to the LAN
(which uses SBS DHCP). [The DFL-200 and -700 series can do this.] You
must configure some firewall rules to prevent DMZ traffic from reaching
the LAN.

[b] You may be able to find a wireless router which provides the ability
to define a second "Guest" SSID. Devices connecting to this SSID (which
is typically not secured or uses a pre-shared key) are ONLY permitted to
access the Internet. Note that for this to work, the router must be
able to provide DHCP on the Guest SSID while leaving it disabled on the
secure SSID.

For a 2-NIC SBS:

The "Sample 2-NIC" diagram shows a "Guest" or "Public" SSID
configuration. This is my preferred configuration as it is simple to
set up, is usually inexpensive for very small networks, and can support
wired as well as wireless guests with the right hardware.

-- Owen Williams (SBS MVP)
.

Relevant Pages

  • Re: 3 PC SOHO Network setup problem
    ... As I say below, my setup should ... >>so security on the wireless side is not a major concern. ... no PC has an internet connection other than through the router. ... > only by the Guest account, which means this computer will be open to anyone. ...
    (microsoft.public.windowsxp.network_web)
  • Re: 3 PC SOHO Network setup problem
    ... >>>so security on the wireless side is not a major concern. ... >>>Our internet connection is via a cable modem connected directly to the ... >> only by the Guest account, which means this computer will be open to anyone. ... >> LAN where you wish to access all files. ...
    (microsoft.public.windowsxp.network_web)
  • Re: TV service query ? ? ?
    ... a wireless router. ... a router with extended coverage. ... cable and a wireless connection that you can not see. ... is to have users downloading r/t video, large video files, or other ...
    (alt.home.repair)
  • Re: Xbox 360 and Media Center Connectivity Problems
    ... I have a wireless g connection for internet access for my media center ... The xbox 360 only gets its internet connection ... Media Center pc wired to router ...
    (microsoft.public.windows.mediacenter)
  • Re: Wireless internet disconection
    ... i am using wireless internet connection. ... When i switch user using ...
    (microsoft.public.windowsxp.general)