+ Post New Thread
Results 1 to 5 of 5
How do you do....it? Thread, Does anyone have Meru Wireless? Help! in Technical; Hello guys! Hopefully someone with a Meru system can help out here. I'm having a nightmare getting our student and ...
  1. #1
    craigg's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham, UK
    Posts
    175
    Thank Post
    15
    Thanked 9 Times in 6 Posts
    Rep Power
    15

    Does anyone have Meru Wireless? Help!

    Hello guys!

    Hopefully someone with a Meru system can help out here.

    I'm having a nightmare getting our student and guest ESS profiles working.

    Ill give you the run down..

    We currently have three security profiles each with its own ESS profile and VLAN.

    college domain
    college student
    and college guest

    College domain works fine. We have a radius server set up on the network and it authenticates users that are in the \AuthenticatedUsers windows group.

    College student works fine up to a certain point.

    I have configured the radius for web authentication and am using the captive portal. Clients can authenticate with no issues and connect to the wireless network vlan.

    My issue is that I can't seem to get it to do the next hop (to the internet). If I manually enter the proxy server into IE, and set an exeption for the vlan Network address (10.0.92.*) http traffic is pushed through the proxy and the users can access the internet just fine.

    The only problem is management want to to be a seamless experience for students. I.E. they dont want them having to enter the proxy address everytime they want to get on the internet?

    How can I get arround this? I'm going a bit mad trying to work it out.

    The unfortunate thing is our firewall is about 1000 years old and doesn't have capacity for a blue network card. So it kind of rules out that... Otherwise life would be simple.

    We have a Barracuda 610 web filter and I "think" you can route traffic through it so that it is filtered and then routed to the correct gateway from there. I have also been told that it will filter the content as well.

    Then on from there we will need to configure ACLs on the core switch to stop them finding their way arround the network.

    Has anyone done this? Or something similar?

    Hope you can help.

    Craig

  2. #2

    Join Date
    Jun 2010
    Location
    England
    Posts
    735
    Thank Post
    89
    Thanked 52 Times in 46 Posts
    Rep Power
    35
    At my old work place they had a similar setup and i believe it was the free smoothwall express we used to get around the problem of having to set the proxy.
    Then we just had ACLS set like you mentioned

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    if you are going down the route of student owned devices, you should probably upgrade the firewall. A Cisco ASA is excellent (£1500 ish), smoothwall will combine web proxy and firewalling may be an option, or a linux box and iptables if cash is short.

    To automatically configure proxy settings on most browsers, set them to 'automatic configuration' - the default on IE, so no changes needed by students.
    Then create a DNS entry for wpad and set it to an internal web server, that can be accessed from the student network without proxy settings.
    Create a file called wpad.dat so that the proxy config URL is http://wpad/wpad.dat the format is javascript

    lots more detail here:
    Web Proxy Autodiscovery Protocol - Wikipedia, the free encyclopedia
    Proxy auto-config - Wikipedia, the free encyclopedia

    this also means staff/students don't need to change their proxy settings when at home. it also works with most operating systems and browsers (personally had issues with safari in osx, but fine with linux/windows)

  4. #4
    craigg's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham, UK
    Posts
    175
    Thank Post
    15
    Thanked 9 Times in 6 Posts
    Rep Power
    15
    Money is very tight unfortunatly.

    We have looked into upgrading the firewall already but have had the powers from above deny our requests.

    Really appreciate your replys though guys.

    I'm guessing something like Endian would do the same as smoothwall?

    Thanks

  5. #5
    craigg's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham, UK
    Posts
    175
    Thank Post
    15
    Thanked 9 Times in 6 Posts
    Rep Power
    15
    @ihaveaproblem

    When you set up your smoothwall box did it go straight out to the internet or did you have to go through your existing firewall?

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 11
    Last Post: 27th October 2011, 08:54 AM
  2. Does anyone have a Willem Eprom programmer?
    By plexer in forum General Chat
    Replies: 1
    Last Post: 12th October 2007, 08:04 PM
  3. Does anyone have a script...
    By wesleyw in forum Scripts
    Replies: 4
    Last Post: 5th July 2007, 01:58 PM
  4. Replies: 12
    Last Post: 5th February 2007, 08:45 AM
  5. Does anyone have a rackmounted Dell 2800?
    By ChrisH in forum Hardware
    Replies: 4
    Last Post: 23rd June 2006, 10:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •