+ Post New Thread
Results 1 to 6 of 6
Wireless Networks Thread, Staff\Student Wifi Network in Technical; Hi there, This is the first time i am posting on here but have used the site many times for ...
  1. #1

    Join Date
    Sep 2013
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Staff\Student Wifi Network

    Hi there,

    This is the first time i am posting on here but have used the site many times for help.

    I am the new IT Manager at a private school and have taken on a big task to develop the IT Infrastructure etc.

    We currently have a wired and wireless network. The wireless network uses Cisco WAP4410n 300Mb Access Points throughput the site. The channels of the overlapping APs are all over the place so that is one thing to sort out.

    The wireless network is only meant for staff. As ALL staff were domain admins (yes i know) children of some staff members managed to retrieve the wireless password from their parents Windows 7 laptops. Students have now passed this around and are using the wireless network from their mobile devices.

    Now..... I have taken all Domain Access away from staff and will be changing the WiFi password very soon.

    What i want to implement is a separate network for students to use for research, with restrictions using blocks on the firewall or implementing a proxy (which would be advisable?).

    Is there a way to do this using the same wifi access points? Or will i need to buy new APs for the students?

    Also wondering if there is any way of blocking use of VPN internet bypass software on this student network?

    Any advise would be greatly appreciated.

  2. #2

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,049
    Thank Post
    6
    Thanked 199 Times in 179 Posts
    Rep Power
    52
    A lot of it depends on your filtering and firewall solution and then some more of it depends on the amoutn fo work you want to put into it.

    Yes those wireless points can definitely do it, I personally have used them before when creating an ad-hoc non-managed wireless network with two SSIDs but we had to manage them seperately so it was a nightmare.

    Basically though, you create a second SSID on your wireless points, I would put this on a seperate VLAN as well. You then have DHCP (from somewhere) giving addresses out on this VLAN and this VLAN then hits a filtering and firewall appliance or something similar, and goes out to the Internet without touching the main network and can then be filtered/ firewalled as appropiate.

    Some issues you get:

    Are how are your users going to authenicate against the filtering, or are they at all? Is everyone just going to be treated as a default "Student". You want a transparent proxy ideally.
    Are you comfortable setting up the VLANs? It is all simply things but still needs doing.

  3. #3

    Join Date
    Sep 2013
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the quick response.

    Quote Originally Posted by Achandler View Post
    A lot of it depends on your filtering and firewall solution and then some more of it depends on the amount of work you want to put into it.

    Ideally id like to implement filtering software like Websense but something free if possible (any suggestions?)? Im willing to put the effort in to make this work. We have 3 different ISPs coming in. I was even thinking to dedicate an isp to the students so they do not affect staff bandwidth. What do you think??


    Yes those wireless points can definitely do it, I personally have used them before when creating an ad-hoc non-managed wireless network with two SSIDs but we had to manage them seperately so it was a nightmare.

    Basically though, you create a second SSID on your wireless points, I would put this on a seperate VLAN as well. You then have DHCP (from somewhere) giving addresses out on this VLAN and this VLAN then hits a filtering and firewall appliance or something similar, and goes out to the Internet without touching the main network and can then be filtered/ firewalled as appropiate.

    Our DHCP is given out from the firewall (i do not like this either and would prefer to have it on our Domain Server). Im not too hot on VLANs but get the concept, would this be setup on the APs? Can you direct me to any help guides for this?

    Some issues you get:

    Are how are your users going to authenicate against the filtering, or are they at all? Is everyone just going to be treated as a default "Student". You want a transparent proxy ideally.

    I was thinking of leaving the authentication open to all so visitors can also use this. Any information on transparent proxies? I will be setting up a proxy for staff internet use....would i be able to use this? or should the student network hit a separate proxy?

    Are you comfortable setting up the VLANs? It is all simply things but still needs doing.

  4. #4

    Join Date
    May 2009
    Location
    London
    Posts
    173
    Thank Post
    33
    Thanked 72 Times in 26 Posts
    Rep Power
    26
    We have a set up similar to what you want, but everyone connects to the same SSID. Using smoothwall as our proxy, we have a transparent proxy with basic student filtering so anyone that connects to the WiFi goes through this filtering. If they want a higher level of access they need to enter the proxy server setting on their device (we share these with staff) and then point to the authenticated proxy port where they must authenticate with their AD credentials. This is a bit of a pain on some devices (apple) because it constantly asks to authenticate.

    Any laptops that are on the domain have their proxy settings set through GPO.

  5. #5

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,049
    Thank Post
    6
    Thanked 199 Times in 179 Posts
    Rep Power
    52
    Also depending ons chool size ofcourse

    But what do you use for your current filtering?

    I wouldn't worry about getting a different ISP for the staff and students unless you are already having problems with the amount of traffic on your main connection.

    You can set up a seperate SSID on your wireless points, you can then tag the guess SSID on the separate VLAN. If you then allow this tagged traffic through your switches you just need a gateway for it. You can use freebie software such as dansguardian that will do firewall and filtering and also provide DHCP as well. So effectively all your guess wireless traffic goes through this box and then out into the big wide world (usually through your firewall or even just the general network).

  6. #6

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    This is all easily achievable.

    Out of interest, how many access points do you have in total, how big is the installation ? How many people do you need to have accessing the network ? The Cisco WAP4410n is not an enterprise class access point, it's a home/small office solution and the lack of manageability is going to hinder your chances of having a decent network.

    Sometimes it's best to untangle as much as you can before implementing new changes. It's always better in these circumstances to redefine what you want. Start with the end user, define what you want them to experience and work from there.

    NM

  7. Thanks to neilmac from:

    buzzard (17th October 2013)

SHARE:
+ Post New Thread

Similar Threads

  1. students unplugging network cable
    By centurio in forum Network and Classroom Management
    Replies: 14
    Last Post: 3rd May 2011, 09:11 PM
  2. 'Student Users' network area FOLDER SIZES problem.
    By busbysmile in forum Windows Server 2000/2003
    Replies: 4
    Last Post: 22nd April 2009, 04:58 PM
  3. For Your Art Staff/Students And Photographers?
    By DaveP in forum Other Stuff
    Replies: 0
    Last Post: 29th October 2008, 11:37 AM
  4. New Staff & Student Induction
    By pete in forum School ICT Policies
    Replies: 4
    Last Post: 6th March 2006, 10:24 AM
  5. Students and Network Cables
    By ninjabeaver in forum Wireless Networks
    Replies: 36
    Last Post: 23rd November 2005, 09:14 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •