Wireless clients, 2 SSID's and SBS - need recommendations

[Also posted on microsoft.public.windows.server.sbs]

Running SBS 2003 Premium SP2, ISA 2004, SQl, Exchange, WSUS, 2 NICs and a router, managed switch that is 802.11q capable (D-Link DES-3828),

5 AP's - 802.1q capable (D-Link DWL-2200AP's), Symantec Corp. A/V and Backup Exec 11d. ============================ I need everyone's help/guidance/comments/recommendations on this issue. It's one I've been working on for 2 months now. I've had lot's of pervious help on previous posts, but it got harder than it had to be (my opinion) and so I decided to start from scratch.

My goal: Wireless LAN (WLAN) with 2 SSID's - one to tie domain users and computers to the wired LAN, and the other so that visitors and contractors can access the internet ONLY.

Add'l info: Security is not a huge issue; we are in a rural area 7 miles from the nearest town and 1 mile from the nearest house. We are so far off the "beaten path" we can't get landline internet - we use satellite. we are at the end of a road 1.5 miles off the main road. Lot's of tree's to the north and south. Anyone who comes here is invited; no tourists or drive-bys. During our busy season (now) we have 20 people living on-site in our houses and bunk house while they do research or assist the reasearchers. Most bring their laptops for off-time use.

I' ve looked hard at the MS white paper on securing wireless in a SBS environment, and also Owen William's paper on this, too. Spent most of yesterday implementing his steps, but made a big mistake -- I must have entered the wrong secret word for RADIUS on the switch and now can't access it at all. Had to take an old unmanaged switch of my junk pile and put it into service last night so the wired clients would have LAN and internet access. After a lot of thought last night, I'm convinced that I just don't need to implement such a secure wireless environment. I just need to keep those off-hour folks out of the server.

I'm sure the solution is staring me in the face -- probabaly involves ISA and a special user group --, but I'd like your thoughts.

Many(!) thanks in advance!

Mike Webb Platte River Whooping Crane Maintenance Trust, Inc. a 501(c)(3) conservation nonprofit organization

Reply to
Loading thread data ...

Hi, Not sure why you would need two SSIDs for this setup. The wired LAN is as the name implies "wired" so what use do the computers on the wired LAN have for an SSID? Easiest way to accomplish what you want is to segment the network. Since you are using a Managed switch, easiest way is to create two VLANs. Put the wired LAN on one VLAN (including the server) and the wireless on the other. Create appropriate routes so that users from both VLANs can reach the internet but not each other (The Dlink manual will help you do this). To add more exotic things like user authentication etc, you will need to use something like Coova (on a WRT54G) or monowall

formatting link
wall) on a Soekris board. Regards, Shiv

Reply to


Are you sure that you aren't making it all more complicated than need be?

I have a private WLAN, plus an "open internet-only pipe" SSID. (In addition, have other SSID's that are for other things such as media.)

- Setup your WLAN as you see fit.

- As for the "internet-only" pipe, just put it behind a captive portal.

I'm using ZoneCD (free). Works great.

formatting link

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.