+ Post New Thread
Results 1 to 3 of 3
Wireless Networks Thread, Setting up an open access wireless network for students in Technical; We are looking a providing an open access wireless network to enable our learners to bring in their own laptops ...
  1. #1

    Join Date
    Oct 2008
    Location
    Leeds
    Posts
    225
    Thank Post
    21
    Thanked 17 Times in 17 Posts
    Rep Power
    15

    Setting up an open access wireless network for students

    We are looking a providing an open access wireless network to enable our learners to bring in their own laptops / PDAs and connect to the Internet using our Internet connection. It is something that they have been asking for, and would also help balance the demand with the availability of our wireless laptops.

    I wondered whether anyone already has facility in your school/College and if so, how it was achieved?

    Did you allow the laptops direct access to the Internet (via NAT routing) or did you use the Web proxy auto discovery protocol?

    I would prefere the first option as it removes the complexities of having to get the "proxy server : port" into their browsers, and potential issues if this configuration remains when they try to access the Internet using their own connection at home. Or should either of these be serious concerns?

    The problem with the former is that on our network the clients have always accessed the Internet using IE with a proxy server (ISA 2006) and have not needed or been granted direct access to the Internet (i.e. via NAT). So we would have to set this up for these laptops and enable resolutuion of DNS external addresses, which also was not required previously (done on by the proxy server).

    How have you dealt with authentication? My thoughts are to leave the wireless network open and and have the students logon to a webpage to gain access to the Internet (802.1X and webpage)? How have you done this?

    We have Wireless Smart Switches - WFS709TP for central managment of our wireless network, so setting up an additional SSID assigned to a new VLAN should be easy enough, and we can point this to a 802.1X server for authentication. How have you done this?

    Have you permitted users connecting in this way access to other services on your network (such as printing and a full Terminal Service connection)?

    Have you restricted access for this clients at layer 2/3, and if so how have you done this?

    Any advice is much appreciated.

    Thanks,

    Bruce.

    Leeds, UK.

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    We setup:

    separate SSID for students on new VLAN
    Very simple wireless password (we nearly went for unencrypted for ease of use, but decided against it)
    WPAD proxy autoconfig, proxy.pac for unsupported devices (iphones etc)
    Firewall gives access to smoothwall proxy server only.

    Students authenticate to AD via smoothwall.

    edit:

    I would prefere the first option as it removes the complexities of having to get the "proxy server : port" into their browsers, and potential issues if this configuration remains when they try to access the Internet using their own connection at home. Or should either of these be serious concerns?
    not a big issue. combine these methods:
    http://en.wikipedia.org/wiki/Web_Pro...overy_Protocol
    http://en.wikipedia.org/wiki/Proxy_auto-config
    Last edited by CyberNerd; 3rd October 2010 at 06:34 PM. Reason: addition

  3. #3

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,683
    Thank Post
    1,268
    Thanked 789 Times in 686 Posts
    Rep Power
    237
    Quote Originally Posted by Bruce123 View Post
    Did you allow the laptops direct access to the Internet (via NAT routing) or did you use the Web proxy auto discovery protocol?
    We used a filter/firewall capable of being a transparent proxy (SmoothWall or Squid).

    How have you dealt with authentication? My thoughts are to leave the wireless network open and and have the students logon to a webpage to gain access to the Internet (802.1X and webpage)?
    Makes sense - SmoothWall will let you leave an "unfiltered" catagory that doesn't need any authentication, so everyone can just come along and use it. You can then just restrict some sites by requireing a username and password (integrated from AD) to be entered.

    Have you permitted users connecting in this way access to other services on your network (such as printing and a full Terminal Service connection)?
    I'd keep the student / wireless network on a separate VLAN and allow access to Terminal Services over a VPN if needed.

    --
    David Hicks

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 15th November 2013, 08:05 PM
  2. Setting up home wireless network with MAC and PC..?
    By tosca925 in forum General Chat
    Replies: 6
    Last Post: 21st November 2011, 04:39 PM
  3. Digital Economy Bill - Open Wireless Access Points
    By somabc in forum General Chat
    Replies: 4
    Last Post: 1st December 2009, 12:36 PM
  4. Help setting up wireless network
    By Kyle in forum Wireless Networks
    Replies: 4
    Last Post: 26th November 2007, 04:41 PM
  5. Setting up wireless access points
    By tomscaper in forum Wireless Networks
    Replies: 11
    Last Post: 11th September 2007, 08:58 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •