Windows Server 2008 R2 Thread, DHCP/VLAN/BYOD/SMOOTHWALL Problem in Technical
  1. #31

    Ephelyon's Avatar
    I'd keep it the same but create an internal SmoothWall account rather than AD and give everyone that - then you know it's them and not some random kid who's worked out they can get on the WiFi now (and therefore to Facebook if it's not filtered!).

    Username: teachmeet
    Password: awesomenetwork

    Or similar... :P

  2. #32

    Quote Originally Posted by Ephelyon View Post
    I'd keep it the same but create an internal SmoothWall account rather than AD and give everyone that - then you know it's them and not some random kid who's worked out they can get on the WiFi now (and therefore to Facebook if it's not filtered!).

    Username: teachmeet
    Password: awesomenetwork

    Or similar... :P
    Could do, though I'd personally save them the step of logging in and just do it by location, but that's just me.

    You could alter the group the location is filtered by afterwards to something more strict, or disable the interface so no one else gets onto it....

  3. #33

    Ephelyon's Avatar
    What about during? If it's a day the kids are in and somebody gets on the wireless and starts accessing Facebook/Twitter because the external people can... and then there's an incident of cyberbullying... it's on your head.

    In light of the above, if you're going with the auth by location option I'd definitely make sure your SLT link knows about it too.

  4. #34

    twin--turbo's Avatar
    Quote Originally Posted by RTFM View Post
    We have a ZD3000 and it has a spare interface from the looks of it
    So you should be able to configure an SSID to use that interface.
    Put the interface on a spare port on Smooth.
    Set Smooth to handle DHCP for that interface.
    Apply a filtering policy.

    And that should do it, more or less.....

    Rob

  5. #35

    Quote Originally Posted by Ephelyon View Post
    What about during? If it's a day the kids are in and somebody gets on the wireless and starts accessing Facebook/Twitter because the external people can... and then there's an incident of cyberbullying... it's on your head.

    In light of the above, if you're going with the auth by location option I'd definitely make sure your SLT link knows about it too.
    Even with a password, a kid can find it out and most likely will as how is this going to be filtered around all the external people coming into school? Word of mouth......a poster in reception?

    I know what you're saying, though, but then the vast majority of kids have phones with 3G anyway and access Facebook and Twitter whenever they want regardless.

    Maybe I'm just being a sceptic as I know how some people are within our school, but I don't see the kids not getting hold of the username and password throughout the day.

  6. #36
    denon101's Avatar
    Ok.....

    So what would you say to upgrading the core switch chassis to a HP Procurve 5406VL and using our existing modules? Which are x 2 j8768a and x 2 J9033a. Then getting someone to come onsite and help me config it?

    I think there will be money available for that.

  7. #37

    twin--turbo's Avatar
    I would say it needs to be planned as part of a review of your infrastructure and done in a considered and managed way and not a rush job. Half term is your window and that's rolling in fast.

    Rob

  8. #38
    denon101's Avatar
    Would be no rush job.... Would be planned properly. That's one of the benefits of being actually consulted. I have a company in mind that can help me.

  9. #39

    Quote Originally Posted by denon101 View Post
    Would be no rush job.... Would be planned properly. That's one of the benefits of being actually consulted. I have a company in mind that can help me.
    I had dropped you a PM for the people who did our VLAN work. Ignore it or not, up to you

  10. #40
    denon101's Avatar
    Thanks...

  11. #41

    twin--turbo's Avatar
    From the spec sheet the 4208 can support routing on up to 16 VLANs.

    Rob

  12. #42
    denon101's Avatar
    That's what I thought.....

  13. #43

    Quote Originally Posted by denon101 View Post
    Ok.....

    So what would you say to upgrading the core switch chassis to a HP Procurve 5406VL and using our existing modules? Which are x 2 j8768a and x 2 J9033a. Then getting someone to come onsite and help me config it?

    I think there will be money available for that.
    I'd say that's a worthwhile upgrade in its own right. This will get you some big improvements over the 4208 series. We use 5406/5412zl switches as edge switches here and I've been impressed with them.

    There's a company we use that are good at sorting this kinda thing out in a rush if you want to PM me for their details, though it sounds like you have that covered either way.
    Last edited by Roberto; 21st January 2013 at 03:42 PM.

  14. #44

    I doubt you'd need to upgrade your current hardware for setting up a basic guest VLAN. You don't even need the switches to be able to do layer 3 routing. As long as they support 802.1Q VLAN tagging you should be fine. If you use the Smoothwall box as the gateway device for the guest VLAN/network then that will do all the routing for you.

    You could initially set up a guest VLAN on the switch your Smoothwall server and ZoneDirector are connected to and also the switch that the AP is connected to that is closest to where the event will be taking place. You'd then set up the switch ports that the ZoneDirector & Smoothwall are connected to with untagged (main network, probably default VLAN1) and tagged for the guest VLAN (e.g. VLAN100). Same with the port the AP is connected to and also the ports that connect the two switches together.

    Then it's a case of using the "Virtual LAN Adaptors" option in Smoothwall to create a new tagged interface (VLAN100) for the guest VLAN. I would set up Smoothwall to act as the DHCP server for the guest network and then create a new transparent proxy policy with no authentication for the VLAN100 guest interface. You can create a custom filter policy/group that allows Facebook and Twitter like you mentioned and add this for unauthenticated requests. Then set up a new SSID on the ZoneDirector using the Guest Access mode that is set to put clients on VLAN100 and only apply to the AP being used (think you would need to create a WLAN Group for this).

    That's the main gist of it anyway; the clients will pick up their IPs from Smoothwall with the gateway and DNS being the Smoothwall IP specified in the VLAN100 guest network interface. You could then generate a single shareable guest pass for the day for the visitors to use on their devices, or you could generate individual non-shareable ones for each of the visitors if you're worried about students finding out the code etc.
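
The tagging plan in the post above can be checked against a switch's running config before the event. This is an added example, not part of the original post: it assumes ProCurve-style `vlan` stanzas, a constructed config excerpt, hypothetical function names, and made-up port names (A1 = ZoneDirector, A2 = Smoothwall, A24 = uplink to the AP's switch).

```python
import re

# Constructed excerpt in the style of HP ProCurve running-config VLAN stanzas.
# Port names and VLAN names are assumptions; VLAN 1 and VLAN 100 follow the post.
SAMPLE_CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A9,A11-A24
   exit
vlan 100
   name "GUEST"
   tagged A1,A2,A12
   untagged A10
   exit
"""

def expand_ports(spec):
    """Expand 'A1-A3,B2' into {'A1', 'A2', 'A3', 'B2'}."""
    ports = set()
    for part in (p.strip() for p in spec.split(",")):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)-[A-Za-z]*(\d+)", part)
        if m:
            ports.update(f"{m[1]}{n}" for n in range(int(m[2]), int(m[3]) + 1))
        elif part:
            ports.add(part)
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set}} from vlan stanzas."""
    vlans, current = {}, None
    for line in config.splitlines():
        words = line.split(None, 1)
        if len(words) == 2 and words[0] == "vlan" and words[1].strip().isdigit():
            current = vlans.setdefault(int(words[1]), {"tagged": set(), "untagged": set()})
        elif words and words[0] == "exit":
            current = None
        elif current is not None and len(words) == 2 and words[0] in current:
            current[words[0]] |= expand_ports(words[1])
    return vlans

def audit_guest_vlan(config, guest_vlan, planned_tagged):
    """Compare the guest VLAN's port membership with the planned trunk ports."""
    guest = parse_vlans(config).get(guest_vlan, {"tagged": set(), "untagged": set()})
    return {
        "missing_tag": sorted(planned_tagged - guest["tagged"]),    # guest path breaks here
        "unplanned_tag": sorted(guest["tagged"] - planned_tagged),  # VLAN reaches further than planned
        "untagged_access": sorted(guest["untagged"]),               # wired port lands in guest network
    }
```

Calling `audit_guest_vlan(SAMPLE_CONFIG, 100, {"A1", "A2", "A24"})` on the constructed excerpt reports the uplink that still needs tagging, the extra port carrying the guest VLAN, and the access port that sits untagged in it.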

  15. #45

    Ephelyon's Avatar
    Quote Originally Posted by RTFM View Post
    Even with a password, a kid can find it out and most likely will as how is this going to be filtered around all the external people coming into school? Word of mouth......a poster in reception?

    I know what you're saying, though, but then the vast majority of kids have phones with 3G anyway and access Facebook and Twitter whenever they want regardless.

    Maybe I'm just being a sceptic as I know how some people are within our school, but I don't see the kids not getting hold of the username and password throughout the day.
    True, but there's the legal side too: it's good to be able to show you tried, or more specifically that you "took all reasonable technical measures". It doesn't always work, but showing willing in that regard closes off one avenue for Negligence: that of not even thinking of the hazard. You could still be Negligent in other ways, but at least if something did happen and it was traced to some kid "hacking" (obviously a slight exaggeration) then that would factor into the equation. But if you were shown not to have even tried because you thought it would be pointless, you wouldn't be able to use the defence of having at least attempted to reduce the risk to As Low As Reasonably Possible.
