FWIW I think the Juniper SSG5's are perfect for most needs and they're dirt 
cheap too.

They should do what you need if you do go down that route.

If not, assuming you can VLAN or zone off ports on the Sonicwall or do 
something to keep the Guest and LAN traffic separate, as others have said either 
chop in the AP or buy a dirt cheap router and connect it to the guest VLAN just 
to use its DHCP server functionality.
________________________________
From: David Lum [[email protected]]
Sent: 03 August 2011 6:58 PM
To: NT System Admin Issues
Subject: RE: VLAN N00b

Their SonicWALL is old (SOHO3!) and I have - previous to this latest work - 
talked them into upgrading but I just haven’t done it (it’s one of my clients I 
can go 3 months w/out being onsite, and it just slipped through the cracks). 
This looks like a good time to revisit and add a new requirement to the 
firewall capabilities…

Dave

From: Kennedy, Jim [mailto:[email protected]]
Sent: Wednesday, August 03, 2011 10:36 AM
To: NT System Admin Issues
Subject: RE: VLAN N00b

Send it back and get one that does, or put something in the ‘new’ network that 
will do the dhcp for you. Will the Sonic do dhcp on just one interface perhaps? 
 I really think this direction is the cleanest and easiest to do.

From: David Lum [mailto:[email protected]]
Sent: Wednesday, August 03, 2011 1:21 PM
To: NT System Admin Issues
Subject: RE: VLAN N00b

I thought of that, but this AP doesn’t have the capability to be a DHCP server.

Dave

From: Kennedy, Jim [mailto:[email protected]]
Sent: Wednesday, August 03, 2011 9:57 AM
To: NT System Admin Issues
Subject: RE: VLAN N00b

Are only non-company assets going to use this AP? If yes read on, otherwise hit 
delete.

Since it is a small environment with only one AP, set the AP up as its own 
DHCP server….put it on its own physical and logical network and drop another 
port in the Sonic Firewall and just route them straight out to the internets….



From: David Lum [mailto:[email protected]]
Sent: Wednesday, August 03, 2011 10:27 AM
To: NT System Admin Issues
Subject: VLAN N00b

So…I bought a wireless AP and it looks like I get to delve into learning a 
little VLANing.

Environment:
DNS,DHCP server (2003 SBS server, Domain controller)
Second DC (2003 R2 Server)
SonicWall Firewall
Dell PowerConnect 3448
17 Domain PC’s
HP M110 Wireless AP with non-domain PC’s using this to get to the Internet.

Desired result for WLAN clients:

· Able to get to the Internet, but not be able to see any domain systems.
· DNS configured to non-domain server (SonicWall would be OK)

I can VLAN with the PowerConnect and make it so that AP can only get to the 
firewall, but my issue then is how will any clients get assigned an IP address. 
I can configure the Sonicwall to hand out IP’s but then I lose control of IP’s 
(reservations, etc) from the SBS system.

It looks like I should divorce DHCP from the SBS server and put it on the 2nd 
DC and allow the AP to see the one DC and the Sonicwall.

Here’s a document I found helpful:
http://www.dell.com/downloads/global/products/pwcnt/en/howto_config_private_vlans.pdf

From that, the SBS server and all domain PC’s would be in Community 10
The AP would be in Community 11
The firewall and 2nd DC (now doing DHCP) would be promiscuous. Is that too big 
of a risk? The HP110 can do RADIUS and I did install that capability on the 2nd 
DC but I don’t really know what I’m doing here.

This would get me close to my desired result. Can RADIUS be used to 
conditionally hand out IP addresses? What would be nice is the ability to have 
it so VLAN1 (Community 10 in the diagram) gets some IP settings, VLAN2 
(Community 11) gets others – namely a different DNS server.

All thoughts and comments welcome.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
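
The private-VLAN layout from the original post, checked as an added example that is not part of the thread: it applies the standard promiscuous/community/isolated forwarding rule to the port roles David lists and reports which domain systems the guest AP can still reach at layer 2. The `alternative` layout (2nd DC moved into Community 10, with DHCP served from the firewall or a separate router as the replies suggest) is an assumption added for comparison.

```python
# Added example: private-VLAN layer-2 reachability for the layout in the post.
PROMISCUOUS = "promiscuous"
ISOLATED = "isolated"


def can_talk(a, b):
    """Standard PVLAN rule: promiscuous ports reach every port, community
    ports reach only their own community, isolated ports reach nothing else."""
    if PROMISCUOUS in (a, b):
        return True
    if ISOLATED in (a, b):
        return False
    return a == b  # both values are community ids


def guest_exposure(ports, guest, domain_hosts):
    """Domain systems the guest port can exchange frames with."""
    return sorted(h for h in domain_hosts if can_talk(ports[guest], ports[h]))


# Port roles as proposed in the original post.
proposed = {
    "SBS server": 10, "Domain PCs": 10,
    "AP": 11,
    "Firewall": PROMISCUOUS, "2nd DC": PROMISCUOUS,
}

# Assumed alternative: DHCP no longer lives on the 2nd DC, so it rejoins
# the domain community and only the firewall stays promiscuous.
alternative = dict(proposed, **{"2nd DC": 10})

DOMAIN = ["SBS server", "Domain PCs", "2nd DC"]

if __name__ == "__main__":
    for name, layout in (("proposed", proposed), ("alternative", alternative)):
        reachable = guest_exposure(layout, "AP", DOMAIN)
        print(f"{name}: guest AP reaches {reachable or 'no domain systems'}")
        print(f"{name}: guest AP reaches firewall:",
              can_talk(layout["AP"], layout["Firewall"]))
```

This models switch-level forwarding only; what the firewall routes between its own interfaces is a separate policy to check.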


--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84
