+1
buy cheapo wireless router that supports tomato firmware. it will be
rock solid. easy and clean.
Kennedy, Jim wrote:
Send it back and get one that does, or put something in the ‘new’
network that will do the dhcp for you. Will the Sonic do dhcp on just
one interface perhaps? I really think this direction is the cleanest
and easiest to do.
*From:* David Lum [mailto:[email protected]]
*Sent:* Wednesday, August 03, 2011 1:21 PM
*To:* NT System Admin Issues
*Subject:* RE: VLAN N00b
I thought of that, but this AP doesn’t have the capability to be a
DHCP server.
Dave
*From:* Kennedy, Jim [mailto:[email protected]]
<mailto:%5Bmailto:[email protected]%5D>
*Sent:* Wednesday, August 03, 2011 9:57 AM
*To:* NT System Admin Issues
*Subject:* RE: VLAN N00b
Are only non-company assets going to use this AP? If yes read on,
otherwise hit delete.
Since it is a small environment with only one AP, set the AP up as
it’s own DHCP server….put it on it’s own physical and logical network
and drop another port in the Sonic Firewall and just route them
straight out to the internets….
* *
*From:* David Lum [mailto:[email protected]]
<mailto:%5Bmailto:[email protected]%5D>
*Sent:* Wednesday, August 03, 2011 10:27 AM
*To:* NT System Admin Issues
*Subject:* VLAN N00b
So…I bought a wireless AP and it looks like I get to delve into
learning a little VLANing.
Environment:
DNS,DHCP server (2003 SBS server, Domain controller)
Second DC (2003 R2 Server)
SonicWall Firewall
Dell PowerConnect 3448
17 Domain PC’s
HP M110 Wireless AP with non-domain PC’s using this to get to the
Internet.
Desired result for WLAN clients:
· Able to get to the Internet, but not be able to see any domain systems.
· DNS configured to non-domain server (SonicWall would be OK)
I can VLAN with the PowerConnect and make it so that AP can only get
to the firewall, but my issue then is how will any clients get
assigned an IP address. I can configure the Sonicwall to hand out IP’s
but then I lose control of IP’s (reservations, etc) from the SBS system.
It looks like I should divorce DHCP from the SBS server and put it on
the 2^nd DC and allow the AP to see the one DC and the Sonicwall.
Here’s a document I found helpful:
http://www.dell.com/downloads/global/products/pwcnt/en/howto_config_private_vlans.pdf
From that, the SBS server and all domain PC’s would be in Community 10
The AP would be in Community 11
The firewall and 2^nd DC (now doing DHCP) would be promiscuous. Is
that too big of a risk? The HP110 can do RADIUS and I did install that
capability on the 2^nd DC but I don’t really know what I’m doing here.
This would get me close to my desired result. Can RADIUS be used to
conditionally hand out IP addresses? What would be nice is the ability
to have it so VLAN1 (Community 10 in the diagram) gets some IP
settings, VLAN2 (Community 11) gets others – namely a different DNS
server.
All thoughts and comments welcome.
*David Lum*
Systems Engineer // NWEA^TM
Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of the company. Warning: Although precautions have
been taken to make sure no viruses are present in this email, the
company cannot accept responsibility for any loss or damage that arise
from the use of this email or attachments.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
