How do you do....it? Thread, How do you stop non-domain members in Technical; Happy new year all,
This is my first 2010 post and was wondering if there was a simple way (other ...
5th January 2010, 03:54 PM #1
- Rep Power
How do you stop non-domain members
Happy new year all,
This is my first 2010 post and was wondering if there was a simple way (other then saying no) to allow student laptops on your network for internet access whilst preventing them browsing network shares.
We've locked our shares down as much as possible, but shares are required by software which is open and we don't want anybody just copying files off the network.
I've thought about RADIUS and VLAN but who actually has such a system in place and what costs are involved?
5th January 2010, 04:54 PM #2
What exactly do you want them to be able to do on the network?
5th January 2010, 05:32 PM #3
The easiest way to go about it is to implement a system such as Ruckus Wireless that can create a guest wireless VLAN.
It's worth bearing in mind though that any Microsoft services (e.g. authentication, Exchange, etc.) will attract additional licensing costs.
5th January 2010, 07:59 PM #4
- Rep Power
Well I just want visitors or student's personal laptops to just be able to access the Internet without the stresses of them backslashing around "\\server"
Ok thanks, how do you guys do it though?
5th January 2010, 08:29 PM #5
We've done what you're looking at - while we didn't use Ruckus, our licensing agreement with MS lets us use things like ISA Server, this may or may not be an option for you.
Pick up some Wireless APs - put these in a separate VLAN and IP Range from the rest of your network, thus creating a perimeter.
Your wireless clients will then get IPs from the server you choose to sit on that wireless network and hand out DHCP/DNS and other services.
As I'm not familiar with Ruckus - I can't help you much with that but ZeroShell is a free Linux-based 'captive portal' solution. It can integrate with AD or any other kind of database if you need authentication.
This way - your clients just come in, connect to your wifi and surf away, they can't access the main network as that's a separate thing entirely.
It's hard to put what you can do into words without saying 'Use ISA Server' - as that's what we use.
Hopefully something I've said here will give you some ideas as to how you can achieve this with hopefully, little expenditure and a little bit of work to get it initially working.
7th January 2010, 12:28 AM #6
- Rep Power
hey thanks azrael78,
I'm going to look at that this weekend and I'll let you know how I get on. It sounds like an ideal CHEAP solution!!
7th January 2010, 12:40 AM #7
maybe use Smoothwall instead of ISA Server. You could probably use Smoothwall Express, not 100% sure thou.
7th January 2010, 01:41 PM #8
I wasn't sure if Smoothwall could do what he's asking but if there's any chance - go for it.
It'll undoubtedly be cheaper than ISA and if you have issues with it, we have several people here on the forums who use it and love it.
14th January 2010, 03:07 PM #9
We've just recently started something like this using Bluesocket.
Can print off timebased accounts for visitors or student laptops which just connect to a visible network and go straight onto the net, domain laptops automatically see and connect to a hidden SSID which can access our network.
14th January 2010, 03:14 PM #10
For internet only access we used our existing wireless (not tagged to a guest vlan) and then using RADIUS moved the clients to a seperate VLAN for guest access.
This was then filtered with an ACL on the switch (on the guest vlan) to only allow access to DC's for DNS and DHCP (port based) and the firewall for 80 and 443 (HTTP / S).
14th January 2010, 03:26 PM #11
If you are Windows Server 2008 you should have access to a service called Network Access Protection
Last edited by speckytecky; 14th January 2010 at 03:32 PM.
By moggy in forum Windows Server 2000/2003
Last Post: 17th December 2008, 05:05 PM
By Dos_Box in forum General EduGeek News/Announcements
Last Post: 28th November 2008, 02:22 AM
By russdev in forum Jokes/Interweb Things
Last Post: 8th June 2007, 04:09 PM
By binky in forum Windows
Last Post: 10th April 2007, 09:40 AM
By tarquel in forum Wireless Networks
Last Post: 30th October 2006, 03:08 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)