+ Post New Thread
Results 1 to 3 of 3
How do you do....it? Thread, Seperating Network Traffic in Technical; Right, here's the scenario The school will have (at the end of the month) a public Cafe opening - with ...
  1. #1
    Mr.Ben's Avatar
    Join Date
    Jan 2008
    Location
    A Pirate Ship
    Posts
    942
    Thank Post
    182
    Thanked 157 Times in 126 Posts
    Blog Entries
    2
    Rep Power
    65

    Seperating Network Traffic

    Right, here's the scenario

    The school will have (at the end of the month) a public Cafe opening - with expected wirelss access to the internet.

    I have a managed wireless network which I can create VLAN's on (And have done this, one for the School, one for the Coffee Shop), but I want some way of securing traffic so that the only thing that public laptops can see and interact with is our Internet Gateway.

    Anyone got any suggestions - I also need a way to distribute proxy setting to public laptops (via a script i assume?)

    Cheers, Ben

  2. #2
    TwoZeroAlpha's Avatar
    Join Date
    Nov 2008
    Location
    Colchester, Essex
    Posts
    473
    Thank Post
    69
    Thanked 66 Times in 53 Posts
    Rep Power
    35
    If it's public I expect people aren't going to be happy with something tinkering with their proxy settings, I can imagine the cry now

    "I went to the school cafe, browsed the web and now I can't get online at home... must be a virus"

    How about a dedicated DHCP server for the cafe with the setting gateway pointing to your desired proxy?

  3. #3

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22
    Create a new SSID in a new vlan.

    Depending on your topology either on your l3 switch or firewall create an ACL to only permit the following and deny all other traffic:

    permit dhcp, to your dhcp server (or firewall if that serves out your requests for this), permit dns to the relevant ip and allow tcp port 80 along with whatever other online services you need them to have (443 for ssl etc) - all this permitted to the ip of your proxy or default gateway only - drop / deny all other traffic.

    I'd go with transparent proxy (i.e don't specify one) for ease to be honest.

    Thats how I've done it and works well for me.

  4. Thanks to ssiruuk2 from:

    Mr.Ben (12th November 2009)

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 14th July 2008, 10:10 AM
  2. Network traffic reports
    By CraigM in forum Wireless Networks
    Replies: 11
    Last Post: 15th March 2008, 12:09 AM
  3. Unessasary network traffic from printers.
    By tosca925 in forum Wireless Networks
    Replies: 6
    Last Post: 14th August 2007, 10:10 PM
  4. Monitoring network traffic on our server
    By Kyle in forum Wireless Networks
    Replies: 6
    Last Post: 6th December 2006, 12:47 PM
  5. Analyse Network Traffic
    By SpuffMonkey in forum How do you do....it?
    Replies: 10
    Last Post: 15th January 2006, 06:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •