Re: Allowing Visitor Internet access

Tech-Archive recommends: Fix windows errors by optimizing your registry

Based on the info provided, I don't think you can implement Merv's suggestion "as-is." It is common practice to deploy a firewall device in front of SBS, but in your case it appears that your SBS box has your public IP address directly. This would imply that your internet connection device (cable/DSL modem) is acting strictly as an ethernet bridge. That really prevents you from segmenting your network as Merv suggested.

From a security perspective, BTW, I'd recommend adding a firewall to your
configuration. Then you can move forward. Otherwise you will have to look at doing a more complex deployment. One thing to keep in mind when making this decision, which you may not have realized, is that by deploying the access point outside of the LAN, you won't be able to have it serve dual duty as a guest AP and provide authenticated access to your SBS server.

Again, IMO, from security perspective, this is a *good* thing. Wireless access points are inexpensive and I'd rather buy two than try to go through the effort and risk of having one perform two tasks and attempt to keep guests isolated. I just wanted to point it out as I've seen people go through the setup and then not get the results they expected.

-Cliff


"Chad" <Chad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4629921D-9CCE-4931-B2CA-276673857B4F@xxxxxxxxxxxxxxxx
Merv thanks for the super quick response!

I will have a static IP address provided from comcast so how will these IP
addresses be assigned?

For example:
cable (static) 75.144.223.1 - Wireless router w/ dhcp
192.168.1.1...2...3....etc - SBS external NIC 75.144.223.2 - SBS internal NIC
(w/dhcp) 192.168.16.1

All internal LAN computers 192.168.2....3....4 etc

Thanks

"Merv Porter [SBS-MVP]" wrote:

Hi Chad,

Yes. With two NICS in the SBS server, the SBS LAN is isolated from the
router LAN. You could then turn on the DHCP service on the router and it
should not interfere with the SBS DHCP service. That would give your your
wireless guests Internet access (only) by providing them an IP address in
the same subnet as the LAN side of the router.

Owen Williams wrote a great article on setting up an even more secure
wireless network:

Configuring Secure Wireless Network Access with Microsoft® Windows® Small
Business Server 2003
http://home.comcast.net/~clearviewtc/

--
Merv Porter [SBS-MVP]
============================

"Chad" <Chad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B661612A-B735-4E47-BD82-0979C164F6D8@xxxxxxxxxxxxxxxx
> Is there a way to provide wifi access to visiting clients just using a
> wireless router? For example cablemodem - wireless router - sbs2003 > (2
> nic
> standard) - switch - internal lan. Thanks
>
> "Owen Williams" wrote:
>
>> Bibbob:
>>
>> Following up on my earlier post (to Merv's response), I am using a
>> configuration like this at one client's site so that an SBS2003 >> network
>> and a Guest PC can share a DSL Internet connection:
>>
>> +-------+
>> |DSL Mdm| 192.168.1.1
>> +-------+
>> |
>> +-------+ 192.168.2.1
>> | Router| DHCP Server Enabled -
>> +-------+ Exclude 1st 10 IPs
>> | |
>> | +-------------+
>> | |
>> |192.168.2.2 |
>> | [Ext. NIC] |DHCP IP
>> +-------+ +-------+
>> |SBS2003| |GuestPC|
>> +-------+ +-------+
>> | [Int. NIC]
>> |192.168.16.1
>> |
>> +--------+
>> | Switch |
>> +--------+
>> | | | |
>> | | | |
>> [Domain PCs]
>>
>> SBS2003 runs either the RRAS or ISA2004 firewall so Ext. NIC
>> (192.168.2.2) is protected.
>>
>> "GuestPC" could be a Wireless Access Point with a STATIC address of, >> for
>> example, 192.168.2.3 (which is used primarily for WAP administration).
>> Then, guest PCs with wireless capabilities associate with the WAP and
>> get an IP address from the (wired) Router.
>>
>> Since Wireless Routers are easier to find (and often less expensive)
>> than WAPs, you can use one as a WAP provided you:
>>
>> - disable the DHCP server on the Wireless Router
>> - connect an Ethernet cable from the (wired) Router to one of the >> switch
>> jacks (there are most often 4) on the Wireless Router. Do NOT connect
>> anything to the Wireless Router's "WAN" or "Internet" jack.
>>
>> -- Owen Williams
>>



.

Relevant Pages

  • Re: Networking Question - VLANs on SBS 2003 Premium SP1
    ... DHCP running on the router. ... Set the DHCP on the router, to make a exclusion of IP range. ... you can set the SBS use fix IP by run the CEICW. ... all gust wireless clients will get IP address from DHCP on the ...
    (microsoft.public.windows.server.sbs)
  • Re: Router/Wireless Install
    ... >> in when you connected to the wireless. ... SBS Standard is just allowing the outbound connection to the Internet ... >> - Best security is WPA2 with IAS authentication. ... > SBS or the router to correct the problem. ...
    (microsoft.public.windows.server.sbs)
  • Re: Networking Question - VLANs on SBS 2003 Premium SP1
    ... DHCP running on the router. ... Set the DHCP on the router, to make a exclusion of IP range. ... you can set the SBS use fix IP by run the CEICW. ... all gust wireless clients will get IP address from DHCP on the ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I configure SBS 2003 as a DHCP server?
    ... To disable the private "LAN" side DHCP service (not the DHCP service on the ... of the PPPoE adapter and enable your Speedstream as a DSL modem and router. ... For the Vista computer to interact with SBS, ... Windows Small Business Server 2003: ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect a Wireless Router to my SBS Network
    ... , the other end into the wireless router, assign the WAN ... Unless you have a good reason against it, I would connect the Airlink ... other end of the cable to the external NIC on your SBS server. ...
    (microsoft.public.windows.server.sbs)