Re: Using DHCP to separate activity?
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 26 Mar 2008 16:55:22 -0400
A few thoughts...
I think the cheapest/easiest way to approach this, while maintaining
reasonable security, is to put a second NIC in the SBS server and purchase a
cheap wireless router (Linksys WRT54G, less than $45). I know it means
spending money, but, as you mentioned, you need to get the guest wireless
devices outside of the domain. The second NIC might be one that's been
pulled from an older machine. Many of these are compatible with Windows
Server 2003 even if they are on the HCL (Hardware Compatibility List) for
Win2003.
Change the current router's LAN IP address to a different subnet (like
192.168.10.1). You could then connect the current router to the second NIC
(IP = 192.168.10.x), re-run CEICW, enable the firewall, select your services
and then complete the rest of CEICW. The addition of the second NIC in the
SBS server will separate your LAN from your current router. You can then
use this router for guest web access.
Two Nics, a dynamic IP address, ISA and a router
(diagram works with or without ISA)
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/74/Two-Nics-a-dynamic-IP-address-ISA-and-a-router.aspx
Back to the SBS, re-running CEICW will set it up as the DHCP server for the
LAN. You would then configure the new Linksys WRT54G as an access point for
internal (LAN) wireless devices.
Cascading (Connecting) a Linksys Router to Another Linksys Router
Subsection: Cascading the Linksys Router to Another Linksys Router (LAN-LAN)
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=3733&p_created=1152002311&p_sid=EQrnOH_i&p_accessibility=0&p_lva=3733&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTM4NCZwX3Byb2RzPTAmcF9jYXRzPTAmcF9wdj0mcF9jdj0mcF9zY2ZfbGFuZz0xJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9Q2FzY2FkaW5nIChDb25uZWN0aW5nKSBhIExpbmtzeXMgUm91dGVyIHRvIEFub3RoZXIgTGlua3N5cyBSb3V0ZXI*&p_li=&p_topview=1
In this case, the new router would be connected to the switch (where the SBS
server and LAN workstations are connected).
WRT54G Emulator
http://ui.linksys.com/files/WRT54G/v8/8.00.0/
WRT54G Router (Amazon.com)
http://www.amazon.com/Linksys-WRT54G-Wireless-G-Router/dp/B00007KDVI
--
Merv Porter [SBS-MVP]
============================
"Bazooka-Joe" <bazooka-joe@xxxxxxxxxxx> wrote in message
news:ecfb63a4-3dc3-43b5-9b7d-1f27c9d55f88@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Is it possible, within Windows DHCP (Windows Server 2003 R2 SP2), to
specify a range for wired clients and a separate range for wireless
clients?
Background: a small organization, two servers (both domain
controllers), one running DHCP. Client systems connected to this
network fall in three categories:
1. Permanently wired desktop systems for office workers, members of
the domain.
2. Wireless notebook systems for office workers, members of the
domain.
3. Guest laptops needing Internet connectivity only, not members of
the domain, wirelessly connected.
All three client types will be getting their addresses from DHCP. I
was thinking of disabling DHCP services on the wireless router
(Linksys) altogether. I wanted to specify a range of IPs, perhaps
even on a different subnet for the wireless clients to keep them as
separated as possible from the domain. Then create reservations for
the couple of laptops that are domain members, assuming that would
supersede whatever rules could be established to force wireless guests
to a different range/subnet.
I'm supporting a VERY small, non-profit organization with not much of
a budget for this kind of work.
Most of the equipment I have at my disposal is either old, borrowed,
or was obtained cheaply/free. Labor to design and implement whatever
I come up with will be donated. Sparing me the "you get what you pay
for" anecdotes...what's the most efficient way to accomplish separating
guest wireless connections that need Internet access only, from
legitimate office workers on both wired desktops and wireless
laptops? I cringe at the idea of trusting the Linksys router for
network security, but perhaps I'll need to do that if I can't separate
things out a little via DHCP.
Perhaps DHCP is not the tool to attempt isolation/segregation with.
But GPOs/IPsec will only apply to members of the domain and guests
will only interact with resources on the LAN at the level of the
router and DHCP server. I don't have too many other options right
now. The only networking equipment I have at my disposal is A) a DSL
modem, B) a wireless Linksys router, and C) a small 6-8 port switch
with little to no onboard intelligence (doubtful any VLAN
capabilities). No DMZ, no ISA, no proxy, no dedicated firewalls, etc.
Ideas? Suggestions? I'm open to anything at this point. I'm just
beginning the design phase.
Thanks in advance.