Wireless Networks Thread, Staff\Student Wifi Network in Technical
20th September 2013, 08:27 AM #1
Staff\Student Wifi Network
This is the first time I am posting on here but have used the site many times for help.
I am the new IT Manager at a private school and have taken on a big task to develop the IT Infrastructure etc.
We currently have a wired and wireless network. The wireless network uses Cisco WAP4410n 300Mb Access Points throughout the site. The channels of the overlapping APs are all over the place so that is one thing to sort out.
The wireless network is only meant for staff. As ALL staff were domain admins (yes, I know), children of some staff members managed to retrieve the wireless password from their parents' Windows 7 laptops. Students have now passed this around and are using the wireless network from their mobile devices.
Now..... I have taken all Domain Access away from staff and will be changing the WiFi password very soon.
What I want to implement is a separate network for students to use for research, with restrictions using blocks on the firewall or implementing a proxy (which would be advisable?).
Is there a way to do this using the same wifi access points? Or will I need to buy new APs for the students?
Also wondering if there is any way of blocking use of VPN internet bypass software on this student network?
Any advice would be greatly appreciated.
20th September 2013, 08:42 AM #2
A lot of it depends on your filtering and firewall solution and then some more of it depends on the amount of work you want to put into it.
Yes, those wireless points can definitely do it. I personally have used them before when creating an ad-hoc non-managed wireless network with two SSIDs, but we had to manage them separately so it was a nightmare.
Basically though, you create a second SSID on your wireless points; I would put this on a separate VLAN as well. You then have DHCP (from somewhere) giving addresses out on this VLAN, and this VLAN then hits a filtering and firewall appliance or something similar, and goes out to the Internet without touching the main network and can then be filtered/firewalled as appropriate.
Some issues you get:
How are your users going to authenticate against the filtering, or are they at all? Is everyone just going to be treated as a default "Student"? You want a transparent proxy ideally.
Are you comfortable setting up the VLANs? It is all simple things but still needs doing.
20th September 2013, 09:02 AM #3
Thanks for the quick response.
20th September 2013, 09:25 AM #4
We have a setup similar to what you want, but everyone connects to the same SSID. Using Smoothwall as our proxy, we have a transparent proxy with basic student filtering so anyone that connects to the WiFi goes through this filtering. If they want a higher level of access they need to enter the proxy server setting on their device (we share these with staff) and then point to the authenticated proxy port where they must authenticate with their AD credentials. This is a bit of a pain on some devices (Apple) because it constantly asks to authenticate.
Any laptops that are on the domain have their proxy settings set through GPO.
20th September 2013, 09:26 AM #5
Also depending on school size of course.
But what do you use for your current filtering?
I wouldn't worry about getting a different ISP for the staff and students unless you are already having problems with the amount of traffic on your main connection.
You can set up a separate SSID on your wireless points, you can then tag the guest SSID on the separate VLAN. If you then allow this tagged traffic through your switches you just need a gateway for it. You can use freebie software such as DansGuardian that will do firewall and filtering and also provide DHCP as well. So effectively all your guest wireless traffic goes through this box and then out into the big wide world (usually through your firewall or even just the general network).
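The segmentation described in posts #2 and #5 (student SSID tagged onto its own VLAN, a gateway box filtering it, no path into the main network), sketched as an added example that is not part of the original thread. It assumes a dedicated Linux gateway using nftables; the interface names, VLAN ID 20, both subnets and proxy port 3128 are constructed values, and the DHCP server and filtering proxy themselves are not shown.

```shell
#!/bin/sh
# Constructed values (assumptions, not from the thread): change to match your site.
UPLINK_IF="eth0"            # trunk port facing the switches (carries tagged VLANs)
WAN_IF="eth1"               # interface towards the Internet / main firewall
STUDENT_VLAN="20"           # VLAN ID the student SSID is tagged with
STUDENT_IF="${UPLINK_IF}.${STUDENT_VLAN}"
STUDENT_NET="10.20.0.0/24"  # student subnet; this box takes .1 as gateway
STAFF_NET="10.10.0.0/16"    # main (staff/server) network students must not reach
PROXY_PORT="3128"           # local port of the transparent filtering proxy

# Emit the nftables ruleset for the student VLAN gateway.
student_ruleset() {
cat <<EOF
table inet student_wifi {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    # Transparent proxy: plain HTTP from students goes to the local filter
    iifname "$STUDENT_IF" tcp dport 80 redirect to :$PROXY_PORT
  }
  chain input {
    type filter hook input priority filter; policy accept;
    # On this box students reach only DNS, DHCP and the proxy
    iifname "$STUDENT_IF" udp dport { 53, 67 } accept
    iifname "$STUDENT_IF" tcp dport { 53, $PROXY_PORT } accept
    iifname "$STUDENT_IF" drop
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    # Explicit drop: matters when the staff network is reachable via $WAN_IF
    iifname "$STUDENT_IF" ip daddr $STAFF_NET drop
    iifname "$STUDENT_IF" oifname "$WAN_IF" accept
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    ip saddr $STUDENT_NET oifname "$WAN_IF" masquerade
  }
}
EOF
}

# "apply" mode (needs root): create the tagged interface, then load the rules.
if [ "${1:-}" = "apply" ]; then
  ip link add link "$UPLINK_IF" name "$STUDENT_IF" type vlan id "$STUDENT_VLAN"
  ip addr add "10.20.0.1/24" dev "$STUDENT_IF"
  ip link set "$STUDENT_IF" up
  sysctl -w net.ipv4.ip_forward=1
  student_ruleset | nft -f -
fi
```

Run without arguments the script changes nothing, so the output of `student_ruleset` can be reviewed first. Requests made by the proxy originate from the gateway itself and bypass the forward chain, so the proxy's own ACLs also need to deny the staff network.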
23rd September 2013, 01:50 PM #6
This is all easily achievable.
Out of interest, how many access points do you have in total, and how big is the installation? How many people do you need to have accessing the network? The Cisco WAP4410n is not an enterprise class access point; it's a home/small office solution and the lack of manageability is going to hinder your chances of having a decent network.
Sometimes it's best to untangle as much as you can before implementing new changes. It's always better in these circumstances to redefine what you want. Start with the end user, define what you want them to experience and work from there.