+ Post New Thread
Results 1 to 12 of 12
Internet Related/Filtering/Firewall Thread, Lightspeed Rocket Appliance - integrating with VLANS in Technical; Hi all; I have a Lightspeed Rocket Appliance under testing at the moment Network Management Hardware, Web Filter Appliance, Spam ...
  1. #1

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13

    Lightspeed Rocket Appliance - integrating with VLANS

    Hi all;

    I have a Lightspeed Rocket Appliance under testing at the moment Network Management Hardware, Web Filter Appliance, Spam Filter Appliance in a physically seperate test LAN, plugged into the Sonic Wall E5500 (which has seperate ports for Production LAN, Test LAN etc

    It has worked nicely alongside the production network.

    In Summer I will be putting in something like this:

    lightspeed rocket.jpg

    It's how I think it works without the Lightspeed Rocket Appliance (Without the Lightspeed Appliance I was Originally thinking Students will log onto RDS server via own VLAN , with Impero + Sonicwall as Content Filtering)

    I haven't had huge experiences with VLANs + BYOD but I was worried to see this

    vlan no.jpg

    So to my understanding how could this (Lightspeed Rocket) integrate with the Firewall (most schools will have VLANS) I am looking at my new Netgear Core that would do Layer 3 switching, but the Lightspeed Appliance only offers one NIC Port to Production LAN and one NIC port that is internet Facing...so how would it present the VLANS to the Sonicwall for internet access?

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Don't you just put it between the firewall and internet router?
    I don;t have a lightspeed appliance, but my understanding was that it worked at layer2 so doesn't care about you vlans.

  3. Thanks to CyberNerd from:

    MrWu (15th July 2012)

  4. #3

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Hi Cybernerd

    On the test set up this is how I did it. UniFis > Test LAN Gigbit Switch > Lightspeed Bottle Rocket Appliance > SonicWall on a seperate port handing out DHCP > Juniper Router.

    Works ok and transperantly through the internet and reading student's surfing habits.

    Maybe it's me being a numpty and from my mind the VLANS I setup for Guest, Student for example have to be physically plugged into the seperate Ports on the Sonicwall to Seperate internet traffic.

    Serves me right for managing flat networks for too long in my previous jobs !
    Last edited by MrWu; 15th July 2012 at 11:09 AM.

  5. #4

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    This is the layout according to Lightspeed Wiki:

    rocket nics.JPG

  6. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by MrWu View Post
    This is the layout according to Lightspeed Wiki:

    rocket nics.JPG
    problem solved!

  7. Thanks to CyberNerd from:

    MrWu (15th July 2012)

  8. #6

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Thanks Cybernerd!

    Thought I specced a Dud!

    So I create the VLAN seperations on my Edge and Core switches as usual. User logs in via RADIUS (I have that running on a Win2008r2 NPS at the mo) gets chucked to the relevant VLAN, filtering then gets done at Lightspeed appliance (either via IP address range / or LADP AD integration) then onto the through the Sonicwall (which will have an allowed range of IP Addresses from Student, Guest and defualt VLANs) .... then off to the Juniper router?

    That would be good.. :-)

  9. #7

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Ok, Sorry to be a pain but I still have a doubt in my head...even with my post above^^^

    It says in the Wiki that the Lightspeed Appliance (Transperant Bridging) does not pass traffic through trunk ports, and therefore I think strips out 801.2Q VLAN tags..so will this be an issue as it will sit between my LAN and Firewall? (As I will have 3 VLANS at least) I'm sure being appliance designed for a school it would factor this in. Well I'm going to contact lightspeed tomorrow and have a further play with the test unit tomorrow, will report back with my findings...

  10. #8

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    The diagram shows it as an inline proxy as opposed to forwarding, is this the only way to run the box or does it care either way? Just out of curiosity

  11. #9

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Hi RTFM;

    On the appliance I bought I think inline proxy is the main method, which very straight forward to implement...I've contacted Lightspeed today to see if there is a way of putting this into forwarding mode (although not as an option in the instructions) will keep you posted. :-)

  12. #10

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Well very quick word to Lightspeed today, they recommended all VLAN switching to be done at the core switch...similar I think to this:

    lightspeed vlans.jpg

  13. #11

    Join Date
    Jul 2012
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Did this work out for you? I'm experiencing the same problem.

    Did this work out for you? I'm experiencing the same problem.



    Quote Originally Posted by MrWu View Post
    Well very quick word to Lightspeed today, they recommended all VLAN switching to be done at the core switch...similar I think to this:

    lightspeed vlans.jpg

  14. #12

    Join Date
    Dec 2011
    Posts
    408
    Thank Post
    372
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Quote Originally Posted by cmorales View Post
    Did this work out for you? I'm experiencing the same problem.
    Ok; had a chat with Lightspeed (again must say they are very knowlegdable and helpful.)

    Basically as mentioned the Lightspeed Appliance will act as a Layer 2 Transperant Proxy, everything will go through it.

    So you have a number of wireless VLANs setup (Student,Staff,Guest for example) and one Internet VLAN, using a Layer 3 Core switch, you route the 3 wireless VLANs and the defualt VLAN to the internet VLAN.

    So in my case:

    VLAN Defualt: 10.18.96.xxx Gateway: 10.18.96.1
    VLAN Guest: 192.168.97.xxx Gateway: 192.168.97.1
    VLAN Student: 192.168.98.xxx Gateway: 192.168.98.1
    VLAN Staff: 192.168.99.xxx Gateway:192.168.99.1

    all these will route to:192.168.6.1. VLAN internet

    VLAN Internet: 192.168.6.xxx Gateway:192.168.6.2

    This will point to my Firewall, set on one of it's LAN ports as 192.168.6.2 then onto the Juniper router out to the internet

    Also you need to setup ACL (Access Control Lists) on your Layer 3 Core so you restrict access say for student to port 80, 443 (this is needed for setting up the Captive portal for Lightspeed ref BYOD) and maybe RDP so they can access a RDS server, if applicable, all VLANs will need Port 80, 443 to access the captive portal bearing that in mind.

    We got as far setting up a test rig like above and managed to route to the internet VLAN, now onto our Firewall people to set up our VLAN subnets and details so the Firewall how to communicate back to our VLANs

    Hope this helps.
    Last edited by MrWu; 1st August 2012 at 10:32 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. vle integration with school website
    By imiddleton25 in forum Virtual Learning Platforms
    Replies: 9
    Last Post: 5th October 2009, 10:56 AM
  2. Replies: 10
    Last Post: 20th August 2009, 12:51 PM
  3. Java Apps integration with Moodle
    By wesleyw in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 20th February 2009, 07:02 PM
  4. Help with VLANs
    By robbie-w in forum Wireless Networks
    Replies: 20
    Last Post: 17th April 2008, 02:15 PM
  5. Replies: 19
    Last Post: 6th April 2007, 12:22 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •