Re: Wireless clients, 2 SSID's and SBS - need recommendations
- From: "Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx>
- Date: Mon, 16 Jul 2007 11:59:13 -0500
Great advice, thanks!
(My AP's and switch all support VLAN's.)
Mike
"Matthew X. Economou" <xenophon+usenet@xxxxxxxxxx> wrote in message
news:usl7o8fm0.fsf@xxxxxxxxxxxxx
"Mike" == Mike in Nebraska <mike_webb@xxxxxxxxxxxxxxxxx> writes:
Mike> Hadn't really thought of a separate IP network. Don't know
Mike> how I'd do it without a 3rd NIC, and that is really
Mike> discouraged in the SBS world as CEICW only recognizes 2
Mike> NIC's. If there's another way, please let me know - I need
Mike> to learn!
You could buy or build a dedicated firewall, install it between the
corporate network and the guest network, and create a packet
filtering rule set that only allows access from the guest network to
the ISA server. You will have to add a route to the guest network via
this firewall to the SBS server. You will also need to set up
DNS/DHCP on the guest network, but forwarding DNS and DHCP requests
from the firewall to SBS is simple enough. You can also publish a
proxy auto-config file for guests via DHCP (clients, including both
Internet Explorer and Firefox, will use this auto-config file by
default, if I recall correctly).
In ISA Server, set up an Internet access rule such that clients from
the guest network range are allowed to browse the web via the proxy
server, without prompting for some other form of authentication. You
may want to allow just FTP/HTTP/HTTPS plus common VPN protocols. If
you are very comfortable with ISA Server, you can introduce
time-of-day and bandwidth restrictions.
You still need an AP dedicated to your guests, for the second SSID.
You can probably get away with running this network open.
Mike> (1) I don't know what a captive portal is.
Google is your friend. Every airport hotspot that I've ever used
employs a captive portal. There's no need to authenticate access
beyond maybe a simple banner that outlines the terms of service.
Mike> Can't do a by-port VLAN as I don't have the assets. I've a
Mike> single AP wired to the switch, which is then transmitting &
Mike> receiving data from the other 5 AP's.
Ah, a wireless bridge. I take it that this is how the guest AP is
connected back into the rest of the network. Well, at some point,
what you want to do becomes very difficult without the right hardware
or software. I guess you could hang a firewall off one of the remote
wireless access points, then add another AP behind the firewall as the
guest AP. If you build your own firewall, you can always set it up
such that it has both a wifi interface and an Ethernet interface, add
it to your wireless distribution system directly, then connect the
guest AP via the Ethernet interface.
This gets progressively more complicated, as you can see. You may be
better off acquiring equipment that supports VLANs, as well as a
dedicated router/firewall, etc.
Best wishes,
Matthew
--
"Rogues are very keen in their profession, and know already much more
than we can teach them respecting their several kinds of roguery."
- A. C. Hobbs in _Locks and Safes_ (1853)
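
As an added example (not part of the original posts): a small Python model of the guest-to-corporate packet filter described above, using first-match rules with default deny, that lists which constructed probe flows a guest client could open. The addresses, the proxy port 8080 and all names are assumptions for illustration, not values from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder addressing; none of these values come from the thread.
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
CORP_NET = ipaddress.ip_network("192.168.16.0/24")
ISA = ipaddress.ip_network("192.168.16.2/32")   # SBS/ISA server (assumed address)
PROXY_PORT = 8080                                # assumed web proxy listener
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int]        # None matches every port

def decide(rules, src, dst, proto, dport):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

# Rule set as described: guests may reach only the proxy on the ISA server.
STRICT = [
    Rule("allow", GUEST_NET, ISA, "tcp", PROXY_PORT),
    Rule("deny", GUEST_NET, CORP_NET, "any", None),
]
# Common mistake: a "let guests browse" rule that also matches corporate hosts.
LOOSE = [Rule("allow", GUEST_NET, ANY, "tcp", 80)] + STRICT

# Constructed probe flows from one guest client: (dst, proto, dport).
PROBES = [
    ("192.168.16.2", "tcp", 8080),   # web proxy on the ISA server
    ("192.168.16.2", "tcp", 80),     # HTTP straight to the SBS/ISA host
    ("192.168.16.2", "tcp", 445),    # file shares
    ("192.168.16.10", "tcp", 3389),  # a corporate workstation
    ("203.0.113.7", "tcp", 80),      # Internet host, bypassing the proxy
]

def guest_reachable(rules, client="192.168.50.25"):
    """Return the probe flows the rule set lets a guest client open."""
    return [p for p in PROBES if decide(rules, client, *p) == "allow"]
```

Running `guest_reachable(STRICT)` and `guest_reachable(LOOSE)` side by side shows how one broad allow rule placed ahead of the deny exposes the server and bypasses the proxy.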