+ Post New Thread
Results 1 to 10 of 10
How do you do....it? Thread, Providing wireless internet access for student laptops in Technical; We're floating the idea of providing Wireless internet access to which students can connect their personal laptops. Theoretically, I'd be ...
  1. #1
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    888
    Thank Post
    68
    Thanked 84 Times in 69 Posts
    Rep Power
    31

    Providing wireless internet access for student laptops

    We're floating the idea of providing Wireless internet access to which students can connect their personal laptops.

    Theoretically, I'd be using Procurve 530 APs to various Procurve switches (2524, 2650, 4100 etc). I'd create a student SSID and VLAN and patch them on the APs. Then I just need to add a port on the router (providing DHCP) to the student VLAN. The router facilitates the connection between our network and the leased line to our Grid.

    re: DHCP, would it be acceptable to have the router provide DHCP to the student VLAN, while my Windows Server provides DHCP for the default VLAN, since both VLANs won't be communicating?

    Does that sound feasible?
    Last edited by meastaugh1; 17th January 2008 at 06:21 AM.

  2. #2

    Join Date
    Jan 2008
    Location
    In a house
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Well, I would give it a go, just set up one or 2 routers (if you have any spare, or just take down 1 or 2 routers that dont get used) and set them up as a temporary beta access point. so just let them log onto the router and make them put in their cc3 cresidentials (or whatever system you use) so no-one else who may be around the school can use it and see how it goes...

  3. #3

    Join Date
    Jan 2008
    Posts
    12
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    13
    Hi we're talking to suppliers to outline a wlan for a new build with a 6th form 'dropin' facility. Because of the numbers we're discussing having managed switches and 'thin' APs. This will allow a web based control panel to control access both thru the switch to the network and the actual ability to connect, for all APs from one point. On top of this will be auto load sharing/hand off so if the students are all at one end of the room then the other APs will share the work. If you have 'thick' (standard) APs then the nearest gets all the workload and your speeds drop right off. Not particularily cheap but nice n shiney! Otherwise we run a std thick AP from a trolley/vault and that's fine for a room.

  4. #4

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,582
    Thank Post
    107
    Thanked 761 Times in 592 Posts
    Rep Power
    179
    @meastaugh1: Although technically sound, does that plan take into account the Ts & Cs of your Internet connection and will you be filtering the connection so that you live up to your duty of care?

    Will you also be charging for the service as it will inevitably add to your workload?

    Managed wireless systems such as BlueSocket can be configured to sort all these problems out and allow the APs to broadcast multiple SSIDs on different VLANs. There is even a built in web doobery that you can set up to take credit card payment!

  5. #5
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    888
    Thank Post
    68
    Thanked 84 Times in 69 Posts
    Rep Power
    31
    Thanks all for your replies thus far.

    Quote Originally Posted by Ric_ View Post
    @meastaugh1: Although technically sound, does that plan take into account the Ts & Cs of your Internet connection and will you be filtering the connection so that you live up to your duty of care?
    I would consult with our Grid re: T&C of service. I would hope to provide an additional layer of filtering and monitoring through our Fortinet box, which is due to materialise shortly.

    Will you also be charging for the service as it will inevitably add to your workload?
    Certainly not initially as it would only be intended for a select few. I'd rather stay away from charging if possible.

  6. #6

    Join Date
    Jul 2007
    Location
    Nottingham
    Posts
    194
    Thank Post
    17
    Thanked 7 Times in 7 Posts
    Rep Power
    15
    I find the 3Com wireless controllers work well and provide a long list of functions (reasonably priced for education too). If you do go for a 'thin ap' solution I'd recommend having a supplier that has proper support for the product so they can assist in the setup. That is unless you've got a decent amount of free time.

    As far as controlling internet access I'd be tempted to put an ISA box on the VLAN that has 3 nics. One for the Internet access, one for the VLAN and one for access to your domain. Then you can get all the users to authenticate on the ISA box using their domain username/password. Surely that way you'd be able to meet the T+C of your RBC.

  7. #7
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    29
    Quote Originally Posted by Ric_ View Post
    Managed wireless systems such as BlueSocket can be configured to sort all these problems out and allow the APs to broadcast multiple SSIDs on different VLANs. There is even a built in web doobery that you can set up to take credit card payment!
    Ric, would the bluesocket stuff do VLANS even if your network only has the one VLAN? (if that makes sense)

  8. #8

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,151
    Thank Post
    369
    Thanked 365 Times in 323 Posts
    Rep Power
    145
    We have just setup a VLAN for our wireless network with a Smoothwall box providing p2p, MSN blocking and dishing out the IP's through its DHCP server. The smoothwall box then connects to a proxy server and then out to the outside world.

    Haven't rolled it out to any students yet, but through testing in the last couple of days it looks promising.

    Has anybody used smoothwall 3.0 and setup DansGuardian / some sort of web filtering to enable the blocking of blacklisted sites. There is a level of filtering provided by our LEA and we use a Censornet box on the main curriculum network but we need to provide additonal filtering on the laptops also.

    Thanks

  9. #9

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    732
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36

    VLANs

    Quote Originally Posted by meastaugh1 View Post
    We're floating the idea of providing Wireless internet access to which students can connect their personal laptops.

    Theoretically, I'd be using Procurve 530 APs to various Procurve switches (2524, 2650, 4100 etc). I'd create a student SSID and VLAN and patch them on the APs. Then I just need to add a port on the router (providing DHCP) to the student VLAN. The router facilitates the connection between our network and the leased line to our Grid.

    re: DHCP, would it be acceptable to have the router provide DHCP to the student VLAN, while my Windows Server provides DHCP for the default VLAN, since both VLANs won't be communicating?

    Does that sound feasible?
    Hi there,

    We have implemented this using the Cisco Aironet APs and it works well. We have completely seperated this network from the main network by using VLANs. The default gateway for the student's wireless network is the firewall which has filtering software (added addition NIC to the FW) and it filter the internet access all from single point i.e. the firewall (ISA Server). At the ISA server we also given the student ability to access their My Docs (via easylink) and their webmail (OWA) and Internet Access with heavy restrictions (via web filtering). It works well and the APs are used for the corp. network as well because it supports VLANs and multiple SSIDs.

    Regarding the DHCP server i would just setup a normal windows box with DHCP server on the same network as the student's wireless and let that dish out the IP addfess, this way its not touching on anything to do with the main network. If this PC/Server crashes then all that is lost is the student's wireless network. A Virtual server could also come in handy for this i suppose.

    To manage the non-domain laptops we use 802.1x authentication with IAS server to authenticate users using their normal network username and password. This has been a great success because they don't have to remember yet another logon credentials.

    HTH,

    Ash.
    Last edited by spc-rocket; 2nd February 2008 at 10:49 AM.

  10. Thanks to spc-rocket from:

    meastaugh1 (2nd February 2008)

  11. #10

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,582
    Thank Post
    107
    Thanked 761 Times in 592 Posts
    Rep Power
    179
    Quote Originally Posted by TeddyKGB View Post
    Ric, would the bluesocket stuff do VLANS even if your network only has the one VLAN? (if that makes sense)
    You run all your wireless traffic along a separate VLAN back to the controller. The controller then handles who and what has access to where.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 102
    Last Post: 16th October 2009, 05:12 PM
  2. Licenses & Student Owned Laptops
    By byron67 in forum Educational Software
    Replies: 5
    Last Post: 15th January 2008, 09:29 AM
  3. Teachers Laptops, Internet Access
    By plexer in forum Wireless Networks
    Replies: 15
    Last Post: 14th September 2007, 06:37 PM
  4. what do you do - student laptops on domain
    By e_g_r in forum School ICT Policies
    Replies: 5
    Last Post: 13th June 2007, 08:56 AM
  5. Student Laptops / Domain access...
    By Ben_Stanton in forum How do you do....it?
    Replies: 8
    Last Post: 3rd May 2007, 09:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •