Re: ISA 2004 - How to allow Guest and Client access from wireless
- From: "Steve" <newsgroup@xxxxxxxxxx>
- Date: Fri, 8 Jun 2007 11:34:47 -0700
Ah-dig a trench to the bunkhouse and drop in a CAT 5 cable (max length is ~
300 ft.). Oops probably not too practical but would sure solve your problem!
How about another dedicated AP with directional antenna to the bunkhouse AP?
That could plug into another port on the router. With SBS and external NIC
you can actually have a DHCP service turned on a router that causes no
interference with the SBS DHCP server.
One clarification-I'd think the satellite cable connection to the router
would be to some "WAN" port rather than internal?
"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:usKKQSfqHHA.4548@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for coming aboard.
The bunkhouse has a directional antenna pointed at the main building, so
it's at the far end -- about 250-ft to the omni-directional antenna on our
roof.
The router has 4 "internal" ports; one is taken up by the cable to/from
the satellite modem and one to the external NIC.
I use SBS's DHCP, not the router - although it is capable.
Cell phones work fine, but not for data at our location. There are towers
in the area, but clear LOS is blocked by lines of trees along the creeks
and fencelines.
Mike
"Steve" <newsgroup@xxxxxxxxxx> wrote in message
news:OviyJFfqHHA.4324@xxxxxxxxxxxxxxxxxxxxxxx
How far is the bunkhouse from the location of the satellite connection to
the router? How many "internal" ports does the router have? Does it
provide DHCP service for its "internal side." I'm trying to see if there
is some alternative config that will work for you and abide by Cris' well
justified keep the guests on the "outside" of the network. Do you have
cellular service with data capability from any provider out there in your
"boonies?"
"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:%23zG4MveqHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
Landline won't work. We're 1.5 miles from the main road and another
mile or so to a place we can tap into. We've got someone who ran a T1
out here for a wildlife webcam - costs them $2100/mo (ouch!). Our only
solution is satellite as we're not in the range or line-of-sight for
wireless ISP.
"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ucLZYqeqHHA.3372@xxxxxxxxxxxxxxxxxxxxxxx
Mike
If you move it to the router then you will lose connectivity to the lan
for the true workers
Just curious...what about a separate residential DSL or Cable going to
the bunk house with a DLink wireless router there for the "guest
access.
--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues
"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:urF$yneqHHA.500@xxxxxxxxxxxxxxxxxxxxxxx
I'm getting the strong impression that the "only" way to achieve my
goal is to have 2 wireless networks - one connected to the router and
one as-is connected to the switch. However, money's a problem (always
is with a nonprofit).
If I move the wireless from the switch to the router (which would mean
VLAN's are out - router isn't 802.1Q capable), could I then accomplish
what I want to do? Or is there another way that, while not the best
security-wise, would go most of the way to solving my problem? If it
helps, we're 'way out in the boonies, so those who come here are by
invitation. The big caveat to that is that a bunch of them are grad
students who have down time at night with their laptops in our "bunk
house".
Mike
"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:O7s42feqHHA.4180@xxxxxxxxxxxxxxxxxxxxxxx
Guest access should not be from "inside" the LAN and on the same
network as your "workers".
Are these "guests" connecting from anywhere other than the main
building?
In my main enterprise job...we have a secure wireless network for
employees, etc with one SSID we have a second network/SSID for
Guests
--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues
"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OvsNBXeqHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium SP2, SQL, Exchange, ISA 2004, WSUS 3.0, 2
NICs and a router, dynamic IP, DDNS service through dyndns.org,
Symantec Backup Exec 11d, managed switch D-Link DES 3828 (802.1Q
capable), 5 Access Points - D-Link DWL-2200AP's (802.1Q capable),
and the internal NIC is also 802.1Q capable.
========================
I'm in over my head so thought it best to ask for advice than
"experiment".
Goal: Using my wireless access points (AP's), provide guests and
visitors internet ONLY access, and employees, temp. workers LAN
access.
Background: Purchased and installed 5 AP's - one hard-wired to
switch and it "talks" with the other 4 in our outer buildings.
Purchased and installed a managed switch as it can do VLAN's.
Created 4 VLAN's - (1) has all ports and used for management, (2)
has only Port 2 (internal NIC), for internet access, (3), has all
ports except Port 5 (which is checked "Forbidden") for my LAN, and
(4) has ports 2 and 5 for the wireless side.
The AP's are capable of using VLAN's and Multiple SSID's (up to 3 of
them for Guests). The AP's can be configured for all the usual
security modes.
I have exchanged many emails and phone calls with D-Link's tech
support to learn and set up the switch and VLAN's. I was told this
morning (by their tech support) that, because I have only a single
VLAN for wireless, I need to set a rule in ISA 2004 to finalize what
my goal is.
I admit to being "scared" to set or change rules in ISA without a
good grasp of SPECIFICALLY what I need to do. That's why I thought
I'd ask. I don't know, through my inexperience, how to mentally
frame the problem and then the solution, in terms I can translate
into an ISA rule.
Has someone out there been through this before, and be willing to
lend some advice and lessons-learned?
Many thanks in advance!!
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization