Wireless Networks Thread, Which wireless for BYOD? in Technical; No, we use a second wan interface on the firewall which has its own dedicated Filter settings we just don't ...
3rd May 2013, 08:24 AM #16
No, we use a second wan interface on the firewall which has its own dedicated Filter settings we just don't have any issues with proxies.
Everyone on the Guest VLAN gets :-
Individual Voucher based authentication (so we know which guest had which voucher)
Redirected start page (to push traffic stats on web site for sponsors)
URL Filtering and Application control (No Porn, live streaming or P2P access etc..)
Bandwidth Control ( we cripple phones so they get enough for email, twitter etc)
Being able to packet capture your guests at the firewall is interesting... Nothing is safe
3rd May 2013, 09:27 AM #17
- Rep Power
Originally Posted by m25man
Dare to share how do you achieve all this.
3rd May 2013, 09:45 AM #18
Ruckus here for our BYOD but still in its infancy of use. We've not opened it to students yet but will be when our sixth form opens Summer 2014.
We have it sitting on a separate VLAN but you can setup Ruckus to keep the individual clients in full isolation mode and control what parts of other subnets it can access. We've allowed it access to our Frog and E-Mail server internally.
3rd May 2013, 10:02 AM #19
- Rep Power
We are going from an HP WESM based wireless network to Meraki. 60 APs so far and loving the ease of the solution deployment. Pretty much fit and forget so if you do decide to go with Meraki you will not regret it.
However the secret to success is all in the planning.
You should be thinking about exactly what you are trying to achieve for each type of user. What level of access to what resource. How many devices are you supporting. What sort of content filtering.
You need to revisit your existing network and firewall design.
1) get an active wireless survey done with the APs you plan to use. You will end up with a list of exactly how wany APs you need and where they should go.
2) work out the cable runs from each AP to your distribution cabinets. Make sure you have enough POE ports in free to support all the APs. I would recommend gigabit POE to APs and gigabit backbone to core switch. So be prepared to buy some new switches.
3rd May 2013, 11:59 AM #20
You can buy the TP-LINK PoE Gigabit injectors, they need to be version 3 and Black, not the white ones, the white ones are 100mbps if you dont have PoE switches.
3rd May 2013, 04:59 PM #21
- Rep Power
This is sound advice, and infact if you get a basic switch that can be managed you can do an active survey with the Meraki AP when not connected to the cloud controller. I have just completed a survey today in this way and it worked very well.
Originally Posted by geezersoft
3rd May 2013, 08:17 PM #22
Meru here. BYOD in its infancy. AD authentication (well, via RADIUS) against members of the BYOD group. Sign the form, become member of group, job done.
Separate VLAN, filtering on the core switch/router to keep them away from sensitive stuff, dedicated firewall/proxy rules to allow generic access to the internet with much tighter filtering than through the authenticating proxy. If users need greater access, they can enter the proxy details and get their authenticated access.
3rd May 2013, 08:21 PM #23
@m25man broken attachments!
3rd May 2013, 09:09 PM #24
I hate IE10 nothing works properly anymore... Will repost later when I get to a proper PC.
3rd May 2013, 09:21 PM #25
Please don't take this the wrong way, and I realise you might be well aware of this, but you keep talking about being hardware being "prepared for BYOD" and "BYOD ready" and I'd be careful with that term. You need to define with the people who are asking you to make this happen what exactly you're both talking about when you talk about "BYOD ready".
Originally Posted by san_narula
Is there a standard spec for what a D that someone BYOs has to be able to do before you will support it?
Is there a "service level agreement" that specifies how far you'll have to go to support devices? What happens if you spec a network to work with "Shiny v1" today and someone brings in a nice new "Shiny v2" the following month and it doesn't work. Is that your problem or their problem?
What are the stakeholders hoping to achieve from this?
In a lot of ways, as long as you stick to a reputable vendor, what make of WAP you buy is the least difficult and least interesting part of the project - you wouldn't focus too heavily on what brand of switch your desktops were wired into as part of a project to give everyone access to a new VLE from the desktop - you'd spend more time checking that the VLE worked with your standard browser and thinking about what content users should be able to get to and how they'd get to it. Same here...
Last edited by Roberto; 3rd May 2013 at 09:25 PM.
4th May 2013, 10:41 AM #26
- Rep Power
Can you please explain what do you mean by active survey?
Originally Posted by nelsons
4th May 2013, 10:49 AM #27
- Rep Power
I agree with you. There are no set standards atm for a BYOD ready networking device. But I believe in general most BYOD ready devices give you better tools to control access and also have application and device level filtering. Correct me if I am wrong.
Originally Posted by Roberto
4th May 2013, 11:42 AM #28
The point is that just about every sales person will tell you that their wireless access points, internet filtering, vpn or other networking product is "BYOD ready". That phrase is a buzzword we can use with non-technical managers but it's got no place in a technical discussion of what products to buy to ensure your new system works how you want.
If you're expecting application and device level filtering you need to carefully specify not only that you want these items, but how you expect them to work. If its unacceptable to you that your wireless users mightneed to authenticate to connect to your wireless infrastructure then once again to access the internet then you need to design a solution and then specify appropriate tools that won't leave you in that position.
4th May 2013, 06:29 PM #29
- Rep Power
Active survey with Meraki AP, when connected to a switch and given an ip address from dhcp server does not need to see the internet or the rest of the network. So you can set up an AP in any possible location and then measure the signal and data rate in locations surrounding the AP. Relocate the AP to the next location with sufficient signal overlap and repeat until the survey is complete. Does that help?
19th July 2014, 06:16 AM #30
@san_narula - I recommend using a Ruckus WiFi system as it is very good value, easy to configure, and manage, has great performance, and good BYOD features. For BYOD though, I find that the capabilities of your Web Filter are much more important than those of the WiFi system.
Also, I would recommend that you run some new CAT6a FTP (foiled twisted pair) to your WiFi APs rather than using existing CAT5 cabling. Otherwise, the total throughput of each AP will be limited at 100Mb and then that is going to be split to multiple clients. I would also recommend bringing all of your APs back to a single CAT6 patch panel as that will make it easier to manage/identify your points and add additional ones later (and your current patch panels are probably CAT5 as well, which won't work). I recommend FTP as it is easier to run than standard CAT6 and is also shielded eliminating crosstalk and interference.
By Edu-IT in forum Internet Related/Filtering/Firewall
Last Post: 12th October 2010, 11:44 PM
By pinemarten in forum Hardware
Last Post: 13th November 2007, 12:55 PM
By alan-d in forum Web Development
Last Post: 25th November 2006, 05:50 PM
By sidewinder in forum Hardware
Last Post: 11th September 2006, 10:30 PM
By Ric_ in forum How do you do....it?
Last Post: 10th November 2005, 01:41 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)