RE: Networking Question - VLAN's on SBS 2003 Premium SP1

Hello Mike,

Thank you for posting here.

According to your description, I understand that you want to setup wireless
network in your SBS LAN. If I have misunderstood the problem, please don't
hesitate to let me know.

First, this is a consulting question, but not a technical issue, which we
focus on in this newsgroup. Therefore, we can give you some general
information.

To deploy the wireless in SBS network, please refer to the following page:

Configure Wireless Networking on Windows Small Business Server 2003
http://technet2.microsoft.com/WindowsServerSolutions/SBS/en/library/6202a4df
-3daf-4fa5-9f4d-a409dfddfc171033.mspx?mfr=true

Based on my knowledge, I think you do not need the 3 VLANs in your SBS LAN.
The VLANs make the network complex, and we are not ensure the DHCP will
work fine among the VLANs.

I suggest you do not set VLAN in your switch, and connect the wireless APs
to the switch directly for the internal wireless client, all the wireless
or cable clients are in one internal LAN. This will make the ISA server
2004 configuration easier. We do not need to customize any rules, only need
to use the default SBS rules, which created by CEICW.

For the wireless guest users, we can make them to connect to your wireless
router. Then, the guest will unable to access any resource on your SBS LAN,
and could only access Internet thru the router. Please enable DHCP on the
router for the wireless guest users.

The network likes following:

{Internet}=={wireless router}~~{ wireless guest users}
||
={SBS}=={switch}=={cable clients}
||
={wireless
APs}~~{internal wireless clients}

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Mike Webb" <mikewebb@xxxxxxxxxxx>
Subject: Networking Question - VLAN's on SBS 2003 Premium SP1
Date: Sun, 6 Jul 2008 19:59:03 -0500
Lines: 48
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Message-ID: <upcnOy83IHA.1204@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: mail.nebraska.tv 71.8.230.10
Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:114147
X-Tomcat-NG: microsoft.public.windows.server.sbs

I've got an idea to (finally) extend out LAN so that the staff can get in
wirelessly and guests can only get to the internet.

I've read and re-read Owen Williams doc, the MS doc and the MS Press book,
"Deploying Secure 802.11 Wireless Networks with Microsoft Windows". I'll be
using all 3 to architect this.

But, to begin with, I want to setup and test a very basic system. And I'd
like some feedback on whether I'm correct in my thought process, or that
I've strayed and should consider another idea.

Here's what I've got: 2-NIC box with ISA-2004 SP3, one of which (the
internal) is VLAN-capable; a L2/L3 managed switch, a wireless router, and
10
wireless AP's.

Here's what I intend to do for the initial test:
(1) setup 3 VLAN's on the switch - one for admin purposes (VLAN1), one for
wireless staff use (VLAN2), and one for wireless guest use (VLAN3).
(2) configure the VLAN-capable NIC for VLAN 2 and VLAN3 (I'll see them show
up as virtual NIC's in Network Connections once I press OK.
(3) create network sets in ISA 2004 for the IP ranges I'll use for VLAN2
and
VLAN3.
(4) add VLAN2 set to the Firewall Rules the rest of the wired domain uses
(5) add VLAN3 to Internet Access rule in Firewall Rules
(6) create scopes in DHCP for each IP range I'll use for VLAN2 and VLAN3
(7) stop and start Firewall Service
(8) re-run CEICW
(9) set 2 AP's up, one for each VLAN, to test with - using WPA2 security
(for now)

Testing:
(1) ensure full access from within the wired LAN (to test that it is
unaffected)
(2) connect a WinXP Pro SP2 laptop to a VLAN2 AP (wirelessly) and see if I
get an IP, that I have access to the domain and all shares I normally am,
and have internet access
(3) connect a WinXP Pro SP2 laptop to a VLAN3 AP (wirelessly) and see if I
get an IP, and that ALL I get is access to the internet.

Will this accomplish my goal to see if the very basics work? And if not,
what should I change?

--
MikeWebb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit (501(c)(3)) organization




.

Relevant Pages

  • Re: Networking Question - VLANs on SBS 2003 Premium SP1
    ... Finally was able to get some network downtime to make the change in routers ... wireless router, but - once connected to the SBS box and I've run CEICW, the ... I ran the ISA and SBS BPA's and didn't see anything. ... I put the old router back in service so I could work on this some more. ...
    (microsoft.public.windows.server.sbs)
  • Re: Wireless Network Issue - SBS2K3 - Configuration and / or Topol
    ... I am quietly confident that moving the SBS to ... and the SBS is the DHCP/DNS server - but everything else in my house is ... wireless and it works fine. ... cause is incorrect network configuration and / or hardware topology. ...
    (microsoft.public.windows.server.sbs)
  • Re: Linksys wireless router use in SBS 2003 network
    ... That's the one people access from the parking lot or whatever, but I don't care because the SonicWall explicitly blocks access to the SBS network from the public wireless network. ... I understand the pressure to provide employees and guests with personal-use Internet access, but IMO such access needs to be isolated from the business domain. ...
    (microsoft.public.windows.server.sbs)
  • Re: Best way to connect via wireless in new SBS install?
    ... that's the only network there is. ... Les Connor [SBS Community Member - SBS MVP] ... I see now how to have my wireless laptop connect internally. ... > there any downside to having all wireless internet go through SBS? ...
    (microsoft.public.windows.server.sbs)
  • TidBITS#785/27-Jun-05
    ... Jeff Carlson continues his exploration of computerized poker ... and Adam examines both the Canary Wireless ... Rogue Amoeba's Audio Hijack Pro ... A Canary in the Network ...
    (comp.sys.mac.digest)