
What Needs to be in Sites and Services?

Asked by squimby in Internet Security, Wireless Application Protocol (WAP), Dynamic Host Configuration Protocol (DHCP)

Tags: Sites and Services VLANs DHCP

We have some "public" wireless VLAN segments. These segments are provided purely as a courtesy to visitors walking into our building. ACLs block this public VLAN from seeing any internal server or device. The VLAN gets its DNS from an external DNS site which cannot resolve internal AD resources. However, this VLAN does get its IP address from a Windows server running DHCP server inside the private network. The wireless laptops do not directly authenticate to AD in any way. Occasionally someone on these laptops accesses the public facing Outlook Web Access using the externally published addresses. None of the public wireless VLANs are defined in Sites and Services since there is no need for a DC to authenticate against. We have proven that no one on those public VLANs can access internal resources. However, occasionally we see a Sites and Services unauthorized VLAN error being generated from the public VLAN.

Since we know the ACLs block any use of the internal resources, are these messages being generated solely by the DHCP request that is allowed to go from the outside to the inside network? Could it be generated by the external call to OWA that originates from the public segment? We see no such messages when people are outside our network on the internet.

Should those non-AD authenticating VLAN segments actually be defined in Sites and Services anyway? We have been thinking of bringing up Cisco's DHCP server to simply hand out some IP addresses on these public networks if the act of using DHCP is causing the Sites and Services unauthorized VLAN alerts.

I'd appreciate your thoughts on how best to handle this.
Accepted Solution: 10/27/09 10:12 PM, ID: 25680096


About this solution

Solution Provided By: ekderbark
Participating Experts: 1
Solution Grade: A