+ Post New Thread
Results 1 to 11 of 11
How do you do....it? Thread, How do you stop non-domain members in Technical; Happy new year all, This is my first 2010 post and was wondering if there was a simple way (other ...
  1. #1

    Join Date
    Mar 2007
    Posts
    323
    Thank Post
    6
    Thanked 7 Times in 6 Posts
    Rep Power
    16

    Question How do you stop non-domain members

    Happy new year all,

    This is my first 2010 post and was wondering if there was a simple way (other then saying no) to allow student laptops on your network for internet access whilst preventing them browsing network shares.

    We've locked our shares down as much as possible, but shares are required by software which is open and we don't want anybody just copying files off the network.

    I've thought about RADIUS and VLAN but who actually has such a system in place and what costs are involved?


    Many thanks


  2. #2
    TheLibrarian
    Guest
    What exactly do you want them to be able to do on the network?

  3. #3

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180
    The easiest way to go about it is to implement a system such as Ruckus Wireless that can create a guest wireless VLAN.

    It's worth bearing in mind though that any Microsoft services (e.g. authentication, Exchange, etc.) will attract additional licensing costs.

  4. #4

    Join Date
    Mar 2007
    Posts
    323
    Thank Post
    6
    Thanked 7 Times in 6 Posts
    Rep Power
    16
    Well I just want visitors or student's personal laptops to just be able to access the Internet without the stresses of them backslashing around "\\server"

    Ok thanks, how do you guys do it though?

  5. #5
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20

    Cool

    We've done what you're looking at - while we didn't use Ruckus, our licensing agreement with MS lets us use things like ISA Server, this may or may not be an option for you.

    In short:

    Pick up some Wireless APs - put these in a separate VLAN and IP Range from the rest of your network, thus creating a perimeter.

    Your wireless clients will then get IPs from the server you choose to sit on that wireless network and hand out DHCP/DNS and other services.

    As I'm not familiar with Ruckus - I can't help you much with that but ZeroShell is a free Linux-based 'captive portal' solution. It can integrate with AD or any other kind of database if you need authentication.

    This way - your clients just come in, connect to your wifi and surf away, they can't access the main network as that's a separate thing entirely.

    It's hard to put what you can do into words without saying 'Use ISA Server' - as that's what we use.
    Hopefully something I've said here will give you some ideas as to how you can achieve this with hopefully, little expenditure and a little bit of work to get it initially working.

    HTH,

    Az

  6. #6

    Join Date
    Mar 2007
    Posts
    323
    Thank Post
    6
    Thanked 7 Times in 6 Posts
    Rep Power
    16
    hey thanks azrael78,

    I'm going to look at that this weekend and I'll let you know how I get on. It sounds like an ideal CHEAP solution!!

    Thx again

  7. #7
    Devontechie's Avatar
    Join Date
    Nov 2007
    Location
    UK
    Posts
    889
    Thank Post
    177
    Thanked 196 Times in 160 Posts
    Rep Power
    70
    maybe use Smoothwall instead of ISA Server. You could probably use Smoothwall Express, not 100% sure thou.

    Cheers,
    Steve

  8. #8
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20

    Cool

    I wasn't sure if Smoothwall could do what he's asking but if there's any chance - go for it.
    It'll undoubtedly be cheaper than ISA and if you have issues with it, we have several people here on the forums who use it and love it.

    Az

  9. #9
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,637
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22
    We've just recently started something like this using Bluesocket.

    Can print off timebased accounts for visitors or student laptops which just connect to a visible network and go straight onto the net, domain laptops automatically see and connect to a hidden SSID which can access our network.

  10. #10

    Join Date
    Aug 2007
    Location
    Deal, Kent
    Posts
    343
    Thank Post
    12
    Thanked 73 Times in 51 Posts
    Rep Power
    27
    For internet only access we used our existing wireless (not tagged to a guest vlan) and then using RADIUS moved the clients to a seperate VLAN for guest access.

    This was then filtered with an ACL on the switch (on the guest vlan) to only allow access to DC's for DNS and DHCP (port based) and the firewall for 80 and 443 (HTTP / S).

    Works fine

  11. #11
    speckytecky's Avatar
    Join Date
    May 2006
    Location
    UK
    Posts
    2,497
    Thank Post
    3,372
    Thanked 256 Times in 209 Posts
    Blog Entries
    3
    Rep Power
    109
    If you are Windows Server 2008 you should have access to a service called Network Access Protection
    http://technet.microsoft.com/en-us/n.../bb545879.aspx
    Last edited by speckytecky; 14th January 2010 at 02:32 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Stop Users Logging In to Domain
    By moggy in forum Windows Server 2000/2003
    Replies: 7
    Last Post: 17th December 2008, 04:05 PM
  2. 10,000 Members!!!
    By Dos_Box in forum General EduGeek News/Announcements
    Replies: 20
    Last Post: 28th November 2008, 01:22 AM
  3. For Our NI Members
    By russdev in forum Jokes/Interweb Things
    Replies: 2
    Last Post: 8th June 2007, 03:09 PM
  4. Replies: 3
    Last Post: 10th April 2007, 08:40 AM
  5. 1 Domain + 1 domain + syncronised users = possible?
    By tarquel in forum Wireless Networks
    Replies: 52
    Last Post: 30th October 2006, 02:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •