Networking Question - VLANs on SBS 2003 Premium SP1



I've got an idea to (finally) extend our LAN so that the staff can get in
wirelessly and guests can only get to the internet.

I've read and re-read Owen Williams' doc, the MS doc and the MS Press book,
"Deploying Secure 802.11 Wireless Networks with Microsoft Windows". I'll be
using all 3 to architect this.

But, to begin with, I want to set up and test a very basic system. And I'd
like some feedback on whether I'm correct in my thought process, or that
I've strayed and should consider another idea.

Here's what I've got: 2-NIC box with ISA-2004 SP3, one of which (the
internal) is VLAN-capable; an L2/L3 managed switch, a wireless router, and 10
wireless APs.

Here's what I intend to do for the initial test:
(1) set up 3 VLANs on the switch - one for admin purposes (VLAN1), one for
wireless staff use (VLAN2), and one for wireless guest use (VLAN3).
(2) configure the VLAN-capable NIC for VLAN2 and VLAN3 (I'll see them show
up as virtual NICs in Network Connections once I press OK).
(3) create network sets in ISA 2004 for the IP ranges I'll use for VLAN2 and
VLAN3.
(4) add VLAN2 set to the Firewall Rules the rest of the wired domain uses
(5) add VLAN3 to Internet Access rule in Firewall Rules
(6) create scopes in DHCP for each IP range I'll use for VLAN2 and VLAN3
(7) stop and start Firewall Service
(8) re-run CEICW
(9) set 2 APs up, one for each VLAN, to test with - using WPA2 security
(for now)

Testing:
(1) ensure full access from within the wired LAN (to test that it is
unaffected)
(2) connect a WinXP Pro SP2 laptop to a VLAN2 AP (wirelessly) and see if I
get an IP, that I have access to the domain and all shares I normally do,
and have internet access
(3) connect a WinXP Pro SP2 laptop to a VLAN3 AP (wirelessly) and see if I
get an IP, and that ALL I get is access to the internet.

Will this accomplish my goal to see if the very basics work? And if not,
what should I change?

--
MikeWebb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit (501(c)(3)) organization
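
The wireless test steps (2) and (3) in the post can be turned into a repeatable check run from the test laptop. The script below is an added example, not part of the original post: the server address `192.168.16.2`, the ports and `www.example.com` are placeholder assumptions to be replaced with the real SBS server and an internet host.

```python
import socket
import sys

# Constructed test plan: every address below is a placeholder for this example,
# not a value from the post. Each entry: (label, host, tcp_port, internal?)
TARGETS = [
    ("SBS file shares (SMB)", "192.168.16.2", 445, True),
    ("SBS directory (LDAP)", "192.168.16.2", 389, True),
    ("Internet web site", "www.example.com", 80, False),
]

def expected(vlan, internal):
    """Expected reachability per wireless VLAN, following the post's test steps:
    VLAN2 (staff) reaches domain resources and the internet,
    VLAN3 (guest) reaches the internet and nothing internal."""
    if vlan == "VLAN2":
        return True
    if vlan == "VLAN3":
        return not internal
    raise ValueError("unknown VLAN: %r" % vlan)

def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def check_vlan(vlan, probe=tcp_probe, targets=TARGETS):
    """Probe every target; return (label, expected, actual) for each mismatch."""
    failures = []
    for label, host, port, internal in targets:
        want = expected(vlan, internal)
        got = probe(host, port)
        if got != want:
            failures.append((label, want, got))
    return failures

if __name__ == "__main__":
    # Usage: run on the laptop while associated to the AP of the VLAN under test.
    vlan = sys.argv[1] if len(sys.argv) > 1 else "VLAN3"
    problems = check_vlan(vlan)
    for label, want, got in problems:
        kind = "LEAK" if got and not want else "BLOCKED"
        print("%s: %s (expected reachable=%s, got %s)" % (kind, label, want, got))
    sys.exit(1 if problems else 0)
```

A failed connect looks the same whether the firewall dropped it or the service is down, so run the VLAN2 check first to confirm the internal services answer before trusting a clean VLAN3 result.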

