BYOD Juniper/Trapeze & Smoothwall
We are slowly working through our BYOD policy and structure ready for an OpenWireless SSID to be put into place.
I am struggling on how to tie the following items together at present!
- Smoothwall Internet Filter with an upstream proxy to LA, only connected to our core switch on Port 1 on the Smoothwall box.
- Trapeze MX200 AP Controller with a WPA2 wireless service currently set up on it for our School/Domain Laptops
- Full HP ProCurve Managed Switch Infrastructure with a 5308xl core switch. This is then connected to our server cab with 2 Dell Poweredge connect switches, running the iSCSI network for our server infrastructure (3x VM ESXi servers with a Dell SAN).
- We currently have our Smoothwall box set from DHCP as the default gateway for our domain clients, which is working well.
- We have an SSL login page for non-domain laptops that we currently manage, but these connect to our WPA Wireless service. (very few of these laptops thank god!)
What we want to do is:
- Set up an OpenWireless SSID on the same Access Points (easy enough to do on Trapeze!)
- Set up a separate DHCP server/address range for those devices connecting to the OpenWireless SSID so that Smoothwall can get users to authenticate to the SSL login page, and give those devices a transparent proxy as well (well aware of how rubbish mobiles and smartphones are when it comes to proxying).
- Set up a VLAN linked to the OpenWireless SSID (not sure how to do this!), really want to keep these BYOD devices away from the rest of my network for security etc etc...
I am slowly figuring out VLANs but I get a bit confused when it gets to the core switch, as we will want students to access our VLE, Mail and Citrix Gateway, which are all currently housed in the server rack. I have read about "Zone Bridging", can anyone shed any light on this?
This is the part I really need help with, as I am unsure whether to get Trapeze to dish out DHCP addresses, or adjust the scope on my MS DHCP server, as well as only allowing the OpenWireless SSID to be tied to the VLAN. You can also configure some VLAN stuff on the Trapeze box, but should I be doing it properly on the switches with the Access Points attached to them?
Any help would be great!