  1. #1
    Master Untangler
    Join Date
    Nov 2009
    Location
    Republic of the Philippines
    Posts
    141

    Wireless AP/ROUTER Configuration

    Hi,

    With Easter break on the horizon I want to play a bit with the AP/s on our network. The existing and suggested (or crazy suggestion) is attached.

    Any comments?

    Thanks.

  2. #2
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,059

    I already foresee one big problem with that setup. Since you are doing a NAT with the wireless access point, the IP addresses on the wireless side (the ones the access point is handing out) CANNOT be in the same subnet as the rest of your network.

    Because of this I suspect, though don't know for sure, that the connection to AD will not function properly for those on the wireless. And you are also correct in assuming that you will lose the ability to monitor individual wireless IP addresses with the UT box as it will see all that traffic coming from the AP.

    What is your reasoning for wanting to do this?
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  3. #3
    Master Untangler
    Join Date
    Nov 2009
    Location
    Republic of the Philippines
    Posts
    141

    I want to isolate the network segment that connects to the Wireless AP in the diagram. Problem is that everyone has to log in through the AD Server. Users in this isolated segment seldom use the internet but share a lot of files and a db. Therefore, I simply want to keep them together in a limited address pool to at least try and optimize their file sharing. (Their files and db are stored on a machine that will be configured within their segment.)

    ----

    "It is either I am complicating matters or just missing a simpler solution"

  4. #4
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,059

    I'm still not sure I understand *why* you think you need to do this. All this really does is prevent computers and servers within your main LAN from talking to the wireless clients. I'm not an AD expert either (though I do use it) but it seems like you are asking for authentication trouble doing this. AD is very touchy feely and it may be that since it sees all these authentication attempts coming from your AP that it starts denying them. Again though I can't say for sure as I have never attempted this.

    You also mentioned optimized file sharing but again I don't see how this would make a difference changing the network from how you have it currently. If you're really worried about their file sharing data coming into your LAN then I would just give them their own file server and plug it into one of the LAN ports on the wireless router.

    Anyway, just my
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  5. #5
    Master Untangler jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    785

    Don't do it.

    If you want to change anything, get a switch that supports VLANs and IP Helper, stop connecting wired clients to your wireless access point (use the switch instead), and move DHCP responsibilities over to your AD server. Then you can use VLANs to separate the wired and wireless portions of your network.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 8GB with Untangle 10.2.1 to protect 60+40Mbits for 450+ residential college students and associated staff and faculty

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    18,665

    If you're going to do this, add an interface to Untangle and move on.

    Either separate your network with a router that has some security features, or use a switch capable of VLANs.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879

  7. #7
    Master Untangler
    Join Date
    Nov 2009
    Location
    Republic of the Philippines
    Posts
    141

    Thanks for the suggestions. I'll take the VLAN route :-)

    I still do have to connect some wired clients to a wireless AP (existing configuration) with its WAN port unused and DHCP turned off.
