+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 57
Windows Server 2008 R2 Thread, DHCP/VLAN/BYOD/SMOOTHWALL Problem in Technical; Hi all, I have been set a task.... make BYOD work for a Teachmeet we are having on the 20th ...
  1. #1
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    397
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21

    DHCP/VLAN/BYOD/SMOOTHWALL Problem

    Hi all,

    I have been set a task.... make BYOD work for a Teachmeet we are having on the 20th March.

    So here is the problem....

    I have one DHCP server this is running server 2008 r2 datacentre. We have been allocated our IP Address range this is 10.171.52.1 - 10.171.55.254. We also run a Ruckus wireless network. I have a separate SSID setup already.

    What I am looking to do is setup the DHCP server to allocate addresses to BYOD devices in the 10.171.54.* range. Based on the face I have my DHCP scope set up as above how would I go about this? As we are identifying devices by location in Smoothwall.

    I know I will need a WPAD.dat and a VLAN or two...

    Can someone give me some advice where to start? oh and I need this working for 20th March.....! Not much to do eh?
    Last edited by denon101; 21st January 2013 at 10:49 AM.

  2. #2

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,078
    Thank Post
    6
    Thanked 209 Times in 189 Posts
    Rep Power
    53
    Assuming your guests are on a separate SSID, and separate VLAN (which they may or may not be), then you could make Smoothwall give out IPs on the guest SSID int he correct range, and make your DHCP not hand otu those addresses.

    You could then do some messing on the Smoothwall box to redirect any internal things, well internally, and also use ident by IP on just that range. No need to use a WPAD.dat I don't think.

    We have a similar setup here, (except our Smoothwall uses an entirely separate range for our "Guests"), but internally hosted sites are still all handled internally, such as the VLE etc. It is done int he Zone Bridging section.

  3. #3

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    What actual equipment do you have?
    Is this for a permenant fixture?

    Rob

  4. #4

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    You don't need WPAD. You can filter transparently by location in Smoothwall and save yourself that problem straight away (your location will be 10.171.54.x - 10.171.54.254 I guess).

    We have our Guest SSID on its own VLAN, our DHCP server issues the IP's as normal (each VLAN has its own scope), we use the guest access in Ruckus for users to login with and then we filter this as a location in smoothwall transparently.......
    Last edited by RTFM; 21st January 2013 at 11:35 AM.

  5. #5
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    397
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    Quote Originally Posted by twin--turbo View Post
    What actual equipment do you have?
    Is this for a permenant fixture?

    Rob
    Righty then,

    At the networks core we have a HP Procurve 4208VL with 4 modules installed. Mostly 1gb but there are some SFP ports to connect fibre up. A couple of trunks have been setup for bonding the fibre connections. A the edge of the network we have a number of 2810-48 HP Procurve's. We have a vmware install and hp storage works san. At the moment the entire network is flat, we have no vlans at all. We are fairly small school.

    So from the suggestions I would be looking to setup a wireless VLAN and setup DHCP to hand out specific addresses to the VLAN.

    Is that correct? Forgive my ignorance, I have only worked on small flat networks to date.

    Thanks

    Anthony

  6. #6

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    what does your wireless?

    Rob

  7. #7

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Quote Originally Posted by twin--turbo View Post
    what does your wireless?

    Rob
    Think he said Ruckus in his first post

  8. #8

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    Is the connection between the Ruckus and the Core a Trunk?

    Our Meru is trunked to the Cisco core which then has the vlans on it.

    Our BYOD is tagged by the Meru for the BYOD VLAN on the cisco.


    I imagin Rukus can do similar.

    Rob

  9. #9

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Quote Originally Posted by twin--turbo View Post
    Is the connection between the Ruckus and the Core a Trunk?

    Our Meru is trunked to the Cisco core which then has the vlans on it.

    Our BYOD is tagged by the Meru for the BYOD VLAN on the cisco.


    I imagin Rukus can do similar.

    Rob
    He doesnt have any VLAN's though, its a flat network. To add VLAN's will need config of his core and edge switches and work on his DHCP scopes doing so it isnt a 2 minute job.....

    I havent looked but is the HP Procurve 4208VL at your core layer 3?
    Last edited by RTFM; 21st January 2013 at 12:55 PM.

  10. #10
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    397
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    According to HP procurve layer 2 plus static routing.

  11. #11
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,512
    Thank Post
    4
    Thanked 98 Times in 94 Posts
    Blog Entries
    1
    Rep Power
    52
    With VLANs you need to configure the ip helper address on the switch which is the DHCP server.

    The basic idea is that between switches you use trunk ports so that all vlans are carried.
    e1-12 are access ports so they are untagged in vlan 2
    e13-24 are access ports for server so they are in vlan 3
    e25-28 are uplink ports so the are untagged in vlan1 and tagged in all other vlans.
    You need to put all vlan's in each switch.
    At some point all the subnets need to talk to each other so you need some routing going on this is easiest to do on the smoothwall box as you can create the intervlan firewall rules.

    In your situation you can leave all devices on the default vlan and move the management interfaces of the HP on to a new vlan.
    So I would create to vlan 1 and vlan 2.
    Vlan 1 is for management of the switches.
    Vlan 2 is for the guest traffic.

  12. #12

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Quote Originally Posted by nicholab View Post
    With VLANs you need to configure the ip helper address on the switch which is the DHCP server.

    The basic idea is that between switches you use trunk ports so that all vlans are carried.
    e1-12 are access ports so they are untagged in vlan 2
    e13-24 are access ports for server so they are in vlan 3
    e25-28 are uplink ports so the are untagged in vlan1 and tagged in all other vlans.
    You need to put all vlan's in each switch.
    At some point all the subnets need to talk to each other so you need some routing going on this is easiest to do on the smoothwall box as you can create the intervlan firewall rules.

    In your situation you can leave all devices on the default vlan and move the management interfaces of the HP on to a new vlan.
    So I would create to vlan 1 and vlan 2.
    Vlan 1 is for management of the switches.
    Vlan 2 is for the guest traffic.
    Unless your confident about doing this though I wouldn't be trying it yourself, especially not on a live environment.....

  13. #13
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,512
    Thank Post
    4
    Thanked 98 Times in 94 Posts
    Blog Entries
    1
    Rep Power
    52
    Quote Originally Posted by RTFM View Post
    Unless your confident about doing this though I wouldn't be trying it yourself, especially not on a live environment.....
    Good point I meant to say that. If you have a spare switch you could play around with it.

  14. #14

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Is there no way to setup an exclusion on his DHCP scope for the IP's he wants to be used for wireless, then do another scope only to be used for those IP's he previously excluded? I guess it's making sure that that scope is only assigning IP's to devices connecting to the Guest SSID.....

  15. #15

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,062
    Thank Post
    250
    Thanked 207 Times in 158 Posts
    Rep Power
    110
    Quote Originally Posted by denon101 View Post
    Hi all,

    I have been set a task.... make BYOD work for a Teachmeet we are having on the 20th March.

    So here is the problem....

    I have one DHCP server this is running server 2008 r2 datacentre. We have been allocated our IP Address range this is 10.171.52.1 - 10.171.55.254. We also run a Ruckus wireless network. I have a separate SSID setup already.

    What I am looking to do is setup the DHCP server to allocate addresses to BYOD devices in the 10.171.54.* range. Based on the face I have my DHCP scope set up as above how would I go about this? As we are identifying devices by location in Smoothwall.

    I know I will need a WPAD.dat and a VLAN or two...

    Can someone give me some advice where to start? oh and I need this working for 20th March.....! Not much to do eh?
    What exactly do you have to implement. And don't say "BYOD" - that's just marketing mumbo-jumbo. What exactly do they expect you to provide?
    A wireless connection? - What about the one you have now. If this is just something your bosses want to show off at a meeting (what's a 'teachmeet'?) when can't you fake it via your normal wireless provision for that?

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. VLAN/HP ProCurve problem at work...
    By fracmo2000 in forum Wired Networks
    Replies: 8
    Last Post: 30th September 2011, 01:40 PM
  2. Replies: 15
    Last Post: 20th July 2011, 01:37 PM
  3. Smoothwall Problems
    By Steven in forum Wireless Networks
    Replies: 6
    Last Post: 18th October 2009, 07:22 PM
  4. Smoothwall Problem - Blocking Https sites
    By adhutton in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 2nd October 2009, 09:56 AM
  5. Replies: 17
    Last Post: 23rd September 2008, 05:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •