Results 11 to 18 of 18
  1. #11
    bk1
    Untanglit
    Join Date
    Aug 2007
    Posts
    19

    Thanks for the reply.

    Wow, Cisco is the affordable solution? I'm not used to reading that.

    I have a Mikrotik router so I should be OK using that to route the traffic from the different VLANs, correct?

    Then I guess the last thing is I still need to verify that Untangle with AD authentication will work with this kind of setup.

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,242

    Well there is a way to do this with just Untangle. However, you'll need to configure multiple ports on a switch, one for each VLAN. Then, give Untangle one IP address on a dedicated interface for each VLAN. Untangle will be at the edge, and won't need the tags anymore, and your switch won't need tags either because the VLAN work is handled by port assignment.

    Then Untangle is your core router, and your edge router. It's a bit harder to kick Untangle in that direction, but it does work. The reason why I don't recommend this approach is the difficulty in replacing Untangle should the server go down. The configuration complexity also makes things more difficult to restore should you need to reinstall.

    These issues are solvable with the correct hardware and planning. It just isn't a drop-in solution.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    bk1
    Untanglit
    Join Date
    Aug 2007
    Posts
    19

    Sky-Knight - Your way sounds interesting. Would I need any layer 3 routing in your suggestion? What would provide the DHCP scope for the VLANs? Currently, our Windows 2008 server is providing that service for our single network setup.

    In your suggestion, authentication to our AD server would still be functional I assume.

  4. #14
    Master Untangler
    Join Date
    Dec 2010
    Location
    Wisconsin Dells, WI
    Posts
    108

    The method sky described for you doesn't require a layer 3 switch. However, you do need an interface on the Untangle for each VLAN in question, as sky mentioned. You would use your layer 2 switch to program certain ports as VLAN access ports and connect those to the dedicated Untangle interfaces. You can provide multiple DHCP scopes in Untangle in Networking -> (advanced mode) -> DHCP & DNS. The commands / syntax to put in there are widely covered in the forums / the internet.

    The complexity of this kind of setup is essentially why layer 3 (IP routing) has been incorporated into switches. Personally that's what I would use in your setup.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,242

    Yes, it also means that your Untangle configuration is very specific and inflexible. Should an issue arise with your Untangle hardware, you're going to be harder pressed to repair the equipment.

    I do not suggest this configuration direction if you do not have a cold spare device. Replacing an Untangle server with more than four interfaces is relatively difficult. Even with my practiced hand I'm hard pressed to get units into service in less than 5 days.

    Then again I suppose a layer 3 switch is just as difficult to come by.

    Untangle also is lacking major features on layer 3 that make this process more difficult than it needs to be, like a DHCP relay. Ideally you want that MSDHCP service handling everything. It isn't impossible to make Untangle's DHCP service support AD; however, the DHCP service as a whole is nowhere near as flexible as MSDHCP. This reality forces you to paint your network into some proverbial corners.

    I've done it, and it works well enough but it comes at the cost of flexibility that can bite you later. Make sure you plan accordingly.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    bk1
    Untanglit
    Join Date
    Aug 2007
    Posts
    19

    Thanks for all the info.

    Well, it sounds like I'm back to using a Mikrotik router for now to accomplish the L3 routing my switch is not capable of doing.

    Any issues you see there with Untangle using AD authentication?

    Again, I'm hoping to have a VLAN for our guest wireless network that will be filtered internet and then another VLAN for users that will authenticate to the WPA2 network and then authenticate to our AD server. The idea is that those who are on the WPA2 network get access to network resources such as file shares as well as are able to access additional sites that are filtered for other users.

  7. #17
    bk1
    Untanglit
    Join Date
    Aug 2007
    Posts
    19

    OK, so I finally have all my equipment and I'm setting it up and I still have a couple questions.

    1) Will AD integration work the way I have talked about setting this up?

    2) How should I do DHCP? I currently have a Windows 2008 server doing DHCP for the rest of the network. Is there a way to have my Mikrotik router do DHCP for the Guest wireless and the Secured wireless, which are on different VLANs? I'm just thinking that if I have the Mikrotik provide DHCP on the secured wireless VLAN that because it is on the same VLAN as the rest of my network, it will end up picking up the DHCP requests.

    3) Do I need to have my Untangle plugged directly into my Mikrotik? Or do I have my Mikrotik as the default gateway, and then the Mikrotik's default gateway is Untangle? Will that mess up my AD integration etc.?

    Thanks again for the help. I'm just trying to avoid as many headaches as I can figuring this out.

  8. #18
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Hello,

    Put Untangle behind a DSL Router, ADSL Router, or Firewall. Configure Untangle with private IP Addresses in the External and Internal. Configure Untangle in Transparent Mode.

    Create a Static Default Route in the CoreSwitch L3 pointing to the Untangle Internal Interface. 0.0.0.0 mask 24 192.168.10.40.

    You can provide the WLAN clients with DHCP from the same Windows 2008 Server which serves your AD, DNS. Create a L3 vLAN in your core switch, make the necessary changes for inter-vLAN routing, make a DHCP relay configuration in the WLAN vLAN, create a WLAN DHCP Scope in the DHCP Server, and your WLAN should get an IP with the vLAN Interfaces as Gateway.

    Then, in the Untangle, assign it one Interface as Internal beside the Servers vLAN then add a Static Route in the Untangle for each Internal vLAN in the core switch that needs access to outside.

    Example:
    Server vLAN 192.168.10.0 .1 as vLAN Interface
    Staff vLAN 192.168.12.0 .1 as vLAN Interface
    WLAN 10.10.10.0 .1 as vLAN Interface

    Untangle:

    External: xxx.xxx.xxx.xxx
    Internal: 192.168.10.40
    Static Route 192.168.12.0/24 192.168.10.1
    Static Route 10.10.10.0/24 192.168.10.1
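
The return-route requirement in the post above, as an added example that is not part of the original thread: a Python check that every vLAN behind the core switch has a static route on Untangle and that each next hop is on-link from the Untangle internal interface. The /24 prefix lengths on the vLANs and on the internal interface, and the function name `check_return_routes`, are assumptions.

```python
import ipaddress

# Addresses come from the example in the post; the /24 prefix lengths on the
# vLANs and on the Untangle internal interface are assumptions.
UNTANGLE_INTERNAL = ipaddress.ip_interface("192.168.10.40/24")
VLANS = {
    "Server": ipaddress.ip_network("192.168.10.0/24"),
    "Staff": ipaddress.ip_network("192.168.12.0/24"),
    "WLAN": ipaddress.ip_network("10.10.10.0/24"),
}
STATIC_ROUTES = [
    ("192.168.12.0/24", "192.168.10.1"),
    ("10.10.10.0/24", "192.168.10.1"),
]


def check_return_routes(internal, vlans, routes):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    parsed = [(ipaddress.ip_network(dest), ipaddress.ip_address(gw))
              for dest, gw in routes]

    # A next hop must sit on the directly connected internal subnet and must
    # not be Untangle's own address, or replies never reach the core switch.
    for dest, gw in parsed:
        if gw not in internal.network:
            problems.append(f"next hop {gw} for {dest} is not on-link "
                            f"({internal.network})")
        elif gw == internal.ip:
            problems.append(f"route to {dest} points at Untangle itself")

    # Every vLAN that is not directly connected needs a covering static route;
    # without one, replies to that vLAN follow Untangle's default route out
    # the external side instead of going back through the core switch.
    for name, net in vlans.items():
        if net.subnet_of(internal.network):
            continue  # directly connected, no static route needed
        if not any(net.subnet_of(dest) for dest, _ in parsed):
            problems.append(f"{name} vLAN {net} has no return route on Untangle")
    return problems


if __name__ == "__main__":
    issues = check_return_routes(UNTANGLE_INTERNAL, VLANS, STATIC_ROUTES)
    print("\n".join(issues) if issues else "routing plan is consistent")
```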
