Need advice on stup/deployment of wireless

Discussion in 'Wireless Networks' started by Mike in Nebraska, Mar 29, 2008.

  1. Here's my situation, and I welcome any and all comments:

    Goal: Provide wireless access to the LAN for authenticated users (am
    leaning toward MAC-filtering to do this), and Guest/Visitor access to the
    internet only without compromising the LAN or posing a security risk.

    Equipment: Server - SBS 2003 Premium SP2, unmanaged switch (D-Link DES
    1024D), L2/L3 managed switch (D-Link DES 3828), 5-port router, firewall -
    ISA 2004 SP2 (software-based), wireless router - D-Link DIR-524, wireless
    AP's - 7 D-Link DWL-2200AP's and 3 DWL-2100AP's.

    IP's: 5 static IP's from the ISP. One is assigned to the 5-port router,
    leaving 4 available.

    Buildings to connect: 5 - Admin, Lab, Bunk House, and 2 long-term houses.

    Desired Encryption: WPA2 - Personal ( didn't want Enterprise as I'd have to
    introduce IAS and a RADIUS server)

    Deployment: One AP each in the houses and LAB, 2 in the Bunk House, and the
    rest in the admin building

    General Concept: Run the CAT5 from the ISP to the DES-1024D, then CAT 5 to
    my 5-port router and another to the wireless router (DIR-524). Assign each a
    static IP. The server handles DHCP for the LAN and the DIR-524 will handle
    guests/visitors. Three AP's wired to the DIR-524 via patch panel and house
    wiring in the Admin bldg.; the rest connected via directional antennas aimed
    at the omni-directional antenna on the admin bldg roof.
    The guest/visitor WLAN is flexible on how it is actually setup - physically
    and network-wise. The wireless WLAN to tie into the LAN I'd like to run into
    the DES-3828 so I can setup a VLAN for them.

    Needs: What mode(s) do I use for each? Same SSID for each WLAN, or separate
    for each AP? Channel selection? How do I set up the VLAN's? (The DES-3828
    is a 24-port switch.)

    Problems Noted: I tried the general concept above and couldn't get IP's from
    the DIR-3828, despite good signal strength. Tried a laptop cabled to the
    DIR-524 and it got an IP fine, so the DHCP component works. As for the
    DES-3828, I tried for about 7 months, off and on, with D-Link tech support
    to get VLAN's set up and working - no luck. At that time we tried using the
    same AP's in multiple SSID mode so a user could connect to either "side"
    dependent on access rights.

    As I mentioned, I am flexible on setup and configuration.

    Mike
    Platte River Whooping Crane Maintenance Trust, Inc.
    a conservation non-profit (501(c)(3)) organization
    Wood River, NE
     
    Mike in Nebraska, Mar 29, 2008
    #1
    1. Advertisements

  2. Hi
    It not really possible to engineer such project via newsgroup.
    This page can provide you with an idea of Network segregation.
    http://www.ezlan.net/shield.html
    As for multi APs. If you would like to create roaming areas, use the same
    SSID but different channels.
    Otherwise, give every node it own SSID and channel.
    Jack (MVP-Networking).
     
    Jack \(MVP-Networking\)., Mar 29, 2008
    #2
    1. Advertisements

  3. I sort a knew that, but my budget (non-profit) is (very) tight, so I thought
    I'd give it a shot. Your link to Network Segregation is very helpful. I
    saw it mentioned on another post the other day and printed it. It's what
    got me going again to see if I can solve this. I have an idea, but hoped
    that some of the experts on this NG would be able to help me with most/all
    of it of the top of their head - my thinking (could be naive) is that this
    is not that hard -- IF you've had experience.

    Mike
     
    Mike in Nebraska, Mar 29, 2008
    #3
  4. Hi
    It is not so hard it is just a lot of details that would take long pages to
    describe and explain.
    Have a good luck.
    Jack (MVP-Networking).
     
    Jack \(MVP-Networking\)., Mar 30, 2008
    #4
  5. OK, thanks.

     
    Mike in Nebraska, Mar 30, 2008
    #5
  6. Mike in Nebraska

    Pavel A. Guest

    Well, perhaps you can seduce MVP Jack with a nice weekend on the base,
    crane watching ... ?

    --PA
     
    Pavel A., Mar 30, 2008
    #6
  7. It IS nice and quiet out here. We have plenty of Sandhill cranes close by
    and saw 3 endangered Whooping cranes yesterday. Also lots of turkeys,
    pheasants, numerous grassland birds and a decent amount of Bald Eagles.
    Even have a bunk house here for grad students. Only 3 miles from the
    interstate, but a quiet world away. Whadya say?

    :)
    Mike
     
    Mike in Nebraska, Mar 31, 2008
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.