Netbooks, PDA and Phones Thread, BYOD and wifi network conundrum in Technical; Not sure with forum to stick this in as it has a bit of everything, not even sure how I'll ...
12th February 2013, 09:36 AM #1
BYOD and wifi network conundrum
Not sure with forum to stick this in as it has a bit of everything, not even sure how I'll write it up but here goes.
Current situation is this :-
Wifi is split into two vlans, one domain and one guest. The guest is transparent with no authentication, the domain has authentication via two smoothwalls.
Everything works great except I've now got two problems, well three if you count I've got no budget ;p
We have 45 staff Ipads, which connect to the guest wifi without a problem, they are managed via a mac mini server with profile manager.
So far so good.
Except I've been asked if I can get them on the same IP Range as the domain so they can start using applications like airserver / displaynote etc.
Okay I can do this, I can set up IDs / passwords for each Ipad and join them to the domain via a profile manager payload (PITA but doable).
Now this is the kicker, SLT have authorised students to bring their own I devices to lessons to participate in group application activities, however they will of course be on the wrong IP range.
How can I fix this without any cost or routing (I'd like to keep the vlans separate - they are vlans for a reason!)? can I send a payload to a guest device without end user interaction?
12th February 2013, 09:42 AM #2
This suggestion depends a lot on how your vlans are set up and what version of Windows (I sure Windows 7 can do this) you are running, and there may be other security implications (local firewall on the Windows PC's), but here's one possible solution:
On the PC's running AirServer/Displaynote set up a virtual NIC, give it an IP or dhcp on your guest VLAN.
Now the iDevices should see those AirServers as being on the same network without having to join your domain VLAN.
Thanks to tmcd35 from:
caffrey (12th February 2013)
12th February 2013, 09:50 AM #3
That would mean tagging every port, its a possibility, plus forgot to mention all the machines are still on XP... (so airserver is moot afaik) I am going to recommend all the machines are upgraded to 7 during the summer.
12th February 2013, 10:12 AM #4
How many student devices are you expecting to have? We manually set proxy on all of our student devices, works out about 250'odd a year between the two of us.
12th February 2013, 10:22 AM #5
On BYOD ? I've no idea of numbers yet - won't be a whole heap - seems a lot of work doing it that way, though I suppose once they are done they are done (although entering the network key would be interesting (how do you do that?)). The other issue with this would be lack of authentication on their devices - not a huge problem they would just have to be told to enter their domain username and password. Just trying to make this as transparent as possible!
12th February 2013, 10:54 AM #6
What about suggesting SLT buy some AppleTV's for the guest lan rather than allowing unsecure devices on to the domain lan?
12th February 2013, 11:00 AM #7
We have some appletvs on the guest network at present, but if they were on domain they'd be a bit more flexible with displaynote / airserver (cheaper too) and similar apps, plus I'm not a huge fan of them (dropouts, picture size etc.)
12th February 2013, 11:12 AM #8
Damn you! I'm going to come with a creative solution that'll work even if it's the last thing I ever do...
Putting the PC's running airserver/displaynote on the guest network then setting up VPN's to your domain vlan for access to the secure stuff?
12th February 2013, 11:15 AM #9
Domain trusted computers on an untrusted networks, ummmmmm, eeep.
Originally Posted by tmcd35
12th February 2013, 11:26 AM #10
Surely the devil is in the detail (aka, I can't come up with any better - can you?). I'm sure you can say the same about just about any VPN connection. The questions would be who as physical access/uses the machine(s) with the VPN connection(s), how does the VPN initiate and what does it have access to once it's connected.
Originally Posted by SYNACK
The other answer so far is to put BYOD devices on the domain...
12th February 2013, 11:37 AM #11
Surely the answer is.......Rasberry Pi????
12th February 2013, 11:41 AM #12
You can see the conundrum I'm having, I don't think there is a single answer to it. It has to be one thing or another, can't think of one easy free solution
I'm thinking raspberry pi, but rather not have a full distro of xbmc on there (plus I think it only mirrors video and audio correct me if I'm wrong)
I looked around to see if some bright spark came up with just an airplay mirroring distro - not sure if one's been done yet.
Got the raspberry pi working on lan via vlan no problem, but this still isn't going to help with PC apps (which is moot until they decide I can upgrade everything to windows 7)
Hating apple one day at a time.....
12th February 2013, 12:10 PM #13
And now I've just had a brand new (cr)appletv taken fresh out of the box that will not connect to the wifi, no signal strength, nothing GRRRRRRRRRRRRRRRRRR
12th February 2013, 12:56 PM #14
with apple TV's found it easier to activate them at home.......... (i didnt thank god)
12th February 2013, 01:04 PM #15
Staff IPads on the Domain IP range. Fine they are under your control so you can trust them. BYOD, no way even with NAC, accidents or maliciousness could turn your network to Swiss cheese before you knew what was going on.
By in forum Network and Classroom Management
Last Post: 23rd November 2007, 02:12 PM
By SpecialAgent in forum Educational IT Jobs
Last Post: 13th July 2007, 11:12 AM
By maniac in forum Windows
Last Post: 30th April 2007, 07:10 PM
By ninjabeaver in forum Wireless Networks
Last Post: 2nd December 2005, 11:50 AM
By woody in forum Wireless Networks
Last Post: 2nd December 2005, 11:43 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)