Wireless Networks Thread, Which wireless for BYOD? in Technical
  1. #16

    m25man
    No, we use a second WAN interface on the firewall which has its own dedicated filter settings; we just don't have any issues with proxies.
    Everyone on the Guest VLAN gets:
    Captive Portal
    Individual voucher-based authentication (so we know which guest had which voucher)
    Redirected start page (to push traffic stats on web site for sponsors)
    URL Filtering and Application control (no porn, live streaming or P2P access etc.)
    Bandwidth Control (we cripple phones so they get enough for email, Twitter etc.)

    Being able to packet capture your guests at the firewall is interesting... Nothing is safe

  2. #17

    Originally posted by m25man:
        No, we use a second WAN interface on the firewall which has its own dedicated filter settings; we just don't have any issues with proxies.
        Everyone on the Guest VLAN gets:
        Captive Portal
        Individual voucher-based authentication (so we know which guest had which voucher)
        Redirected start page (to push traffic stats on web site for sponsors)
        URL Filtering and Application control (no porn, live streaming or P2P access etc.)
        Bandwidth Control (we cripple phones so they get enough for email, Twitter etc.)

        Being able to packet capture your guests at the firewall is interesting... Nothing is safe

    Dare to share how you achieve all this?

  3. #18

    Ruckus here for our BYOD but still in its infancy of use. We've not opened it to students yet but will be when our sixth form opens Summer 2014.

    We have it sitting on a separate VLAN but you can set up Ruckus to keep the individual clients in full isolation mode and control what parts of other subnets they can access. We've allowed it access to our Frog and E-Mail server internally.

    Pete

  4. #19

    We are going from an HP WESM based wireless network to Meraki. 60 APs so far and loving the ease of the solution deployment. Pretty much fit and forget so if you do decide to go with Meraki you will not regret it.

    However the secret to success is all in the planning.

    You should be thinking about exactly what you are trying to achieve for each type of user. What level of access to what resource? How many devices are you supporting? What sort of content filtering?

    You need to revisit your existing network and firewall design.

    Wireless wise:

    1) Get an active wireless survey done with the APs you plan to use. You will end up with a list of exactly how many APs you need and where they should go.

    2) Work out the cable runs from each AP to your distribution cabinets. Make sure you have enough PoE ports free to support all the APs. I would recommend gigabit PoE to APs and gigabit backbone to core switch. So be prepared to buy some new switches.

  5. #20
    timbo343
    If you don't have PoE switches, you can buy the TP-LINK PoE Gigabit injectors. They need to be version 3 and black, not the white ones; the white ones are 100Mbps.

  6. #21
    nelsons
    Originally posted by geezersoft:
        We are going from an HP WESM based wireless network to Meraki. 60 APs so far and loving the ease of the solution deployment. Pretty much fit and forget so if you do decide to go with Meraki you will not regret it.

        However the secret to success is all in the planning.

        You should be thinking about exactly what you are trying to achieve for each type of user. What level of access to what resource? How many devices are you supporting? What sort of content filtering?

        You need to revisit your existing network and firewall design.

        Wireless wise:

        1) Get an active wireless survey done with the APs you plan to use. You will end up with a list of exactly how many APs you need and where they should go.

        2) Work out the cable runs from each AP to your distribution cabinets. Make sure you have enough PoE ports free to support all the APs. I would recommend gigabit PoE to APs and gigabit backbone to core switch. So be prepared to buy some new switches.

    This is sound advice, and in fact if you get a basic switch that can be managed you can do an active survey with the Meraki AP when not connected to the cloud controller. I have just completed a survey today in this way and it worked very well.

  7. #22

    Meru here. BYOD in its infancy. AD authentication (well, via RADIUS) against members of the BYOD group. Sign the form, become member of group, job done.

    Separate VLAN, filtering on the core switch/router to keep them away from sensitive stuff, dedicated firewall/proxy rules to allow generic access to the internet with much tighter filtering than through the authenticating proxy. If users need greater access, they can enter the proxy details and get their authenticated access.
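
The segmentation described in posts #18 and #22 (BYOD clients on their own VLAN, a few internal services allowed, everything else internal blocked, internet permitted) can be checked as a first-match rule list before it goes onto a switch or firewall. This is an added example, not configuration from any poster; every address, port and rule in it is constructed for illustration.

```python
import ipaddress

# Constructed rule set for a BYOD VLAN; every address and port is hypothetical.
# Fields: (action, destination network, protocol, port or None for any port)
RULES = [
    ("permit", "10.10.1.20/32", "tcp", 443),  # VLE web front end
    ("permit", "10.10.1.25/32", "tcp", 993),  # mail server, IMAPS
    ("permit", "10.10.1.25/32", "tcp", 587),  # mail server, submission
    ("permit", "10.10.1.5/32", "udp", 53),    # internal DNS resolver
    ("deny", "10.0.0.0/8", "any", None),      # all other internal ranges
    ("deny", "172.16.0.0/12", "any", None),
    ("deny", "192.168.0.0/16", "any", None),
    ("permit", "0.0.0.0/0", "any", None),     # internet via the filtered path
]

# Intended policy as ((destination, protocol, port), expected action).
EXPECTED = [
    (("10.10.1.20", "tcp", 443), "permit"),     # VLE reachable
    (("10.10.1.25", "tcp", 993), "permit"),     # mail reachable
    (("10.10.1.20", "tcp", 22), "deny"),        # no SSH to the VLE host
    (("10.10.2.10", "tcp", 445), "deny"),       # file server stays hidden
    (("93.184.216.34", "tcp", 443), "permit"),  # public internet
]

def evaluate(rules, dst, proto, port):
    """Return the action of the first matching rule; implicit deny if none match."""
    addr = ipaddress.ip_address(dst)
    for action, net, r_proto, r_port in rules:
        if addr not in ipaddress.ip_network(net):
            continue
        if r_proto not in ("any", proto):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"

def audit(rules, expectations):
    """Return (flow, wanted, got) for every flow that violates the intended policy."""
    mismatches = []
    for flow, want in expectations:
        got = evaluate(rules, *flow)
        if got != want:
            mismatches.append((flow, want, got))
    return mismatches

def permit_any_first(rules):
    """Reproduce a common ordering mistake: the catch-all permit moved to the top."""
    return [rules[-1]] + rules[:-1]

if __name__ == "__main__":
    print("correct order:", audit(RULES, EXPECTED))
    for flow, want, got in audit(permit_any_first(RULES), EXPECTED):
        print(f"shadowed deny: {flow} wanted {want}, got {got}")
```

Traffic between two clients on the same BYOD subnet never reaches these rules, which is why the per-client isolation on the access points mentioned in post #18 is a separate control.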

  8. #23

    @m25man broken attachments!

  9. #24

    m25man
    I hate IE10, nothing works properly anymore... Will repost later when I get to a proper PC.

  10. #25

    Originally posted by san_narula:
        Actually we are refreshing our whole IT Infrastructure so I am trying my best to make sure that the network is prepared for BYOD.

    Please don't take this the wrong way, and I realise you might be well aware of this, but you keep talking about hardware being "prepared for BYOD" and "BYOD ready" and I'd be careful with that term. You need to define with the people who are asking you to make this happen what exactly you're both talking about when you talk about "BYOD ready".

    Is there a standard spec for what a D that someone BYOs has to be able to do before you will support it?
    Is there a "service level agreement" that specifies how far you'll have to go to support devices? What happens if you spec a network to work with "Shiny v1" today and someone brings in a nice new "Shiny v2" the following month and it doesn't work. Is that your problem or their problem?
    What are the stakeholders hoping to achieve from this?

    In a lot of ways, as long as you stick to a reputable vendor, what make of WAP you buy is the least difficult and least interesting part of the project - you wouldn't focus too heavily on what brand of switch your desktops were wired into as part of a project to give everyone access to a new VLE from the desktop - you'd spend more time checking that the VLE worked with your standard browser and thinking about what content users should be able to get to and how they'd get to it. Same here...
    Last edited by Roberto; 3rd May 2013 at 08:25 PM.

  11. #26

    Originally posted by nelsons:
        This is sound advice, and in fact if you get a basic switch that can be managed you can do an active survey with the Meraki AP when not connected to the cloud controller. I have just completed a survey today in this way and it worked very well.

    Can you please explain what you mean by active survey?

  12. #27

    Originally posted by Roberto:
        Please don't take this the wrong way, and I realise you might be well aware of this, but you keep talking about hardware being "prepared for BYOD" and "BYOD ready" and I'd be careful with that term. You need to define with the people who are asking you to make this happen what exactly you're both talking about when you talk about "BYOD ready".

    I agree with you. There are no set standards atm for a BYOD ready networking device. But I believe in general most BYOD ready devices give you better tools to control access and also have application and device level filtering. Correct me if I am wrong.

  13. #28

    The point is that just about every sales person will tell you that their wireless access points, internet filtering, vpn or other networking product is "BYOD ready". That phrase is a buzzword we can use with non-technical managers but it's got no place in a technical discussion of what products to buy to ensure your new system works how you want.

    If you're expecting application and device level filtering you need to carefully specify not only that you want these items, but how you expect them to work. If it's unacceptable to you that your wireless users might need to authenticate to connect to your wireless infrastructure and then once again to access the internet, then you need to design a solution and then specify appropriate tools that won't leave you in that position.

  14. #29

    Active survey with a Meraki AP: when connected to a switch and given an IP address from a DHCP server, it does not need to see the internet or the rest of the network. So you can set up an AP in any possible location and then measure the signal and data rate in locations surrounding the AP. Relocate the AP to the next location with sufficient signal overlap and repeat until the survey is complete. Does that help?

  15. #30

    seawolf
    @san_narula - I recommend using a Ruckus WiFi system as it is very good value, easy to configure and manage, has great performance, and good BYOD features. For BYOD though, I find that the capabilities of your Web Filter are much more important than those of the WiFi system.

    Also, I would recommend that you run some new CAT6a FTP (foiled twisted pair) to your WiFi APs rather than using existing CAT5 cabling. Otherwise, the total throughput of each AP will be limited to 100Mb and then that is going to be split between multiple clients. I would also recommend bringing all of your APs back to a single CAT6 patch panel as that will make it easier to manage/identify your points and add additional ones later (and your current patch panels are probably CAT5 as well, which won't work). I recommend FTP as it is easier to run than standard CAT6 and is also shielded, eliminating crosstalk and interference.
