+ Post New Thread
Page 4 of 4 FirstFirst 1234
Results 46 to 57 of 57
Windows Server 2008 R2 Thread, DHCP/VLAN/BYOD/SMOOTHWALL Problem in Technical; /shrug I let our kids access Twitter on our main computers. On the guest wireless I allow pretty much everything, ...
  1. #46
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,050
    Thank Post
    98
    Thanked 162 Times in 111 Posts
    Rep Power
    60
    /shrug

    I let our kids access Twitter on our main computers. On the guest wireless I allow pretty much everything, with the exception of porn.

    My logic is that if the kids have 3g access, they'll access it anyway. If they access it via our wifi, we can at least track it.

  2. #47
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    404
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    Guys,

    What about following on from Ashm post. Could I VLAN tag the ports on the 4208 that the smoothwall vm and zonedirector and the connecting trunk together. Then vlan the ap port and uplinks on the edge switch. Exclude the bank of addresses from my 2k8 r2 DHCP server and setup the Zonedirector to act as a DHCP. Then use a WPAD.dat held on the zonedirector to point at the smoothwall, setup to identify by location (groups of IP). We already ident by ip for our Android tablet deployment.

    Would that work?
    Last edited by denon101; 21st January 2013 at 09:32 PM.

  3. #48

    Join Date
    Oct 2007
    Location
    Northamptonshire
    Posts
    315
    Thank Post
    22
    Thanked 83 Times in 70 Posts
    Rep Power
    45
    Why not use the Smoothwall server to do DHCP + DNS on the guest VLAN, it would probably keep things simpler. There would be no need for WPAD.dat if you use set up transparent proxy on the guest VLAN interface on the smoothwall server. This would be best for visitors as it's more likely to work without any extra configuration on the different types of devices they may bring in.

    There would be no need to exclude any addresses from the 2k8 r2 SHCP server in this case as everything is kept separate which is cleaner in my opinion. You can use whatever IP range you like for the guest VLAN.

  4. #49
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    404
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    I am only running network guardian. Don't think it has DHCP. But will check tomorrow. I may have to use the DHCP of the zonedirector.

  5. #50

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,849
    Thank Post
    351
    Thanked 392 Times in 249 Posts
    Rep Power
    162
    Quote Originally Posted by DrCheese View Post
    /shrug

    I let our kids access Twitter on our main computers. On the guest wireless I allow pretty much everything, with the exception of porn.

    My logic is that if the kids have 3g access, they'll access it anyway. If they access it via our wifi, we can at least track it.
    How can you track it on the guest network without auth?

  6. #51

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 185 Times in 160 Posts
    Rep Power
    55
    Quote Originally Posted by Ephelyon View Post
    How can you track it on the guest network without auth?
    You can see the logs of whats been accessed, not necessarily trace that back to a specific user though.

  7. #52

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,849
    Thank Post
    351
    Thanked 392 Times in 249 Posts
    Rep Power
    162
    Quote Originally Posted by RTFM View Post
    You can see the logs of whats been accessed, not necessarily trace that back to a specific user though.
    I'd want to know. Accountability is paramount and the Network Manager's ability to secure that for the school is key.

  8. #53
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,050
    Thank Post
    98
    Thanked 162 Times in 111 Posts
    Rep Power
    60
    Our guest network is setup with NTLM auth, they hit smoothwalls SSL login page when they try to access the Internet.

    They can't get on without entering their school username/password.

  9. #54

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 185 Times in 160 Posts
    Rep Power
    55
    Quote Originally Posted by DrCheese View Post
    Our guest network is setup with NTLM auth, they hit smoothwalls SSL login page when they try to access the Internet.

    They can't get on without entering their school username/password.
    How does a guest user do this? Or is your guest actually your BYOD solution so its only used by internal members of the school?

    I assume guest to be, external to school / visitor so has no AD credentials

  10. #55
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,050
    Thank Post
    98
    Thanked 162 Times in 111 Posts
    Rep Power
    60
    ah, Guest users can get a temporary AD account from Reception, the person that books out our public resources, or IT Support.

    These staff can write down the users name & how long they'll need it for on a PHP page, when that expires we reset the password ready for the next time it's issued.

  11. #56

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 185 Times in 160 Posts
    Rep Power
    55
    Quote Originally Posted by DrCheese View Post
    ah, Guest users can get a temporary AD account from Reception, the person that books out our public resources, or IT Support.

    These staff can write down the users name & how long they'll need it for on a PHP page, when that expires we reset the password ready for the next time it's issued.
    Ahhh ok, makes sense

  12. #57

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,849
    Thank Post
    351
    Thanked 392 Times in 249 Posts
    Rep Power
    162
    Similar here.



SHARE:
+ Post New Thread
Page 4 of 4 FirstFirst 1234

Similar Threads

  1. VLAN/HP ProCurve problem at work...
    By fracmo2000 in forum Wired Networks
    Replies: 8
    Last Post: 30th September 2011, 02:40 PM
  2. Replies: 15
    Last Post: 20th July 2011, 02:37 PM
  3. Smoothwall Problems
    By Steven in forum Wireless Networks
    Replies: 6
    Last Post: 18th October 2009, 08:22 PM
  4. Smoothwall Problem - Blocking Https sites
    By adhutton in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 2nd October 2009, 10:56 AM
  5. Replies: 17
    Last Post: 23rd September 2008, 06:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •