We use Windows Server 2003 for DHCP and want to set up three classes of
users: wired, wireless trusted (employees), and wireless guests. We
want to permit wireless guests access to the Internet but not to
servers or computers on our network.
The access points we're using are layer 2 devices and they don't do
DHCP. The server is running on a Dell PowerEdge. If this machine has
a NIC that supports 802.1Q tags, the switch port can be set up as a
trunk to pass both VLANs to the server. In that case, can DHCP be
configured to associate a separate scope with each VLAN?
If so, the wireless employees could then be given static IP addresses
via a MAC reservation and untrusted clients (guests) would get
addresses from a separate subnet, making it easy to filter this
traffic.
Will this work? If not, I suppose I could add a second NIC and
connect each to its respective VLAN (without tags).
Is there a better way to put guests on a separate subnet? Static IP
addressing for the clients is not an acceptable option. Replacing the
APs is not desirable but could be considered if necessary.