I'd keep it the same but create an internal SmoothWall account rather than AD and give everyone that - then you know it's them and not some random kid who's worked out they can get on the WiFi now (and therefore to Facebook if it's not filtered!).
Or similar... :P
What about during? If it's a day the kids are in and somebody gets on the wireless and starts accessing Facebook/Twitter because the external people can... and then there's an incident of cyberbullying... it's on your head.
In light of the above, if you're going with the auth by location option I'd definitely make sure your SLT link knows about it too.
I know what you're saying though, but then the vast majority of kids have phones with 3G anyway and access Facebook and Twitter whenever they want regardless.
Maybe I'm just being a sceptic as I know how some people are within our school, but I don't see the kids not getting hold of the username and password throughout the day.
So what would you say to upgrading the core switch chassis to a HP Procurve 5406VL and using our existing modules? Which are x 2 j8768a and x 2 J9033a. Then getting someone to come onsite and help me config it?
I think there will be money available for that.
I would say it needs to be planned as part of a review of your infrastructure and done in a considered and managed way and not a rush job. Half term is your window and that's rolling in fast.
Would be no rush job.... Would be planned properly. That's one of the benefits of being actually consulted. I have a company in mind that can help me.
From the spec sheet the 4208 can support routing on up to 16 VLANs.
That's what I thought.....
There's a company we use that are good at sorting this kinda thing out in a rush if you want to PM me for their details, though it sounds like you have that covered either way.
Last edited by Roberto; 21st January 2013 at 03:42 PM.
I doubt you'd need to upgrade your current hardware for setting up a basic guest VLAN. You don't even need the switches to be able to do layer 3 routing. As long as they support 802.1Q VLAN tagging you should be fine. If you use the Smoothwall box as the gateway device for the guest VLAN/network then that will do all the routing for you.
You could initially set up a guest VLAN on the switch your Smoothwall server and ZoneDirector are connected to and also the switch that the AP is connected to that is closest to where the event will be taking place. You'd then set up the switch ports that the ZoneDirector & Smoothwall are connected to with untagged (main network, probably default VLAN1) and tagged for the guest VLAN (e.g. VLAN100). Same with the port the AP is connected to and also the ports that connect the two switches together.
Then it's a case of using the "Virtual LAN Adaptors" option in Smoothwall to create a new tagged interface (VLAN100) for the guest VLAN. I would set up Smoothwall to act as the DHCP server for the guest network and then create a new transparent proxy policy with no authentication for the VLAN100 guest interface. You can create a custom filter policy/group that allows Facebook and Twitter like you mentioned and add this for unauthenticated requests. Then set up a new SSID on the ZoneDirector using the Guest Access mode that is set to put clients on VLAN100 and only apply to the AP being used (think you would need to create a WLAN Group for this).
That's the main gist of it anyway, the clients will pick up their IPs from Smoothwall with the gateway and DNS being the Smoothwall IP specified in the VLAN100 guest network interface. You could then generate a single shareable guest pass for the day for the visitors to use on their devices or you could generate individual non-shareable ones for each of the visitors if you're worried about students finding out the code etc.
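Added example, not part of the original thread: a small audit of a switch port plan for the guest VLAN layout described in the post above, checking that VLAN100 is tagged on every port in the Smoothwall / ZoneDirector / inter-switch / AP path and does not appear on any other port. The switch names, port numbers and roles are constructed for illustration.

```python
# Audit a port plan for the guest VLAN design in the post above.
# All switch names, port IDs and roles are constructed sample data.
GUEST_VLAN = 100

# (switch, port) -> role, untagged (native) VLAN, set of tagged VLANs
PLAN = {
    ("core", "A1"):  {"role": "smoothwall",   "untagged": 1,   "tagged": {100}},
    ("core", "A2"):  {"role": "zonedirector", "untagged": 1,   "tagged": {100}},
    ("core", "A24"): {"role": "uplink",       "untagged": 1,   "tagged": {100}},
    # Far end of the inter-switch link: guest tag forgotten, so guests get no DHCP.
    ("edge", "24"):  {"role": "uplink",       "untagged": 1,   "tagged": set()},
    ("edge", "5"):   {"role": "ap",           "untagged": 1,   "tagged": {100}},
    # Ordinary wall port placed in the guest VLAN: unauthenticated, lightly
    # filtered access for anything plugged in here.
    ("edge", "7"):   {"role": "classroom",    "untagged": 100, "tagged": set()},
}

# Port roles that must carry the guest VLAN as a tagged member.
MUST_CARRY = {"smoothwall", "zonedirector", "uplink", "ap"}


def audit(plan, guest_vlan=GUEST_VLAN):
    """Return a sorted list of (switch, port, finding) tuples."""
    findings = []
    for (switch, port), cfg in sorted(plan.items()):
        tagged = guest_vlan in cfg["tagged"]
        untagged = cfg["untagged"] == guest_vlan
        if cfg["role"] in MUST_CARRY:
            if untagged:
                # Guest traffic would be the native VLAN on an infrastructure port.
                findings.append((switch, port, "guest-untagged-on-trunk"))
            elif not tagged:
                # Breaks the path between the AP and the Smoothwall gateway.
                findings.append((switch, port, "missing-tag"))
        elif tagged or untagged:
            # Guest VLAN reachable from a port outside the intended path.
            findings.append((switch, port, "guest-vlan-leak"))
    return findings


if __name__ == "__main__":
    for switch, port, finding in audit(PLAN):
        print(f"{switch} port {port}: {finding}")
```
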