
What Needs to be in Sites and Services?

squimby asked on
Wireless Networking, Anti-Virus Apps, DHCP
We have some "public" wireless VLAN segments. These segments are provided purely as a courtesy to visitors walking into our building. ACLs block this public VLAN from seeing any internal server or device. The VLAN gets its DNS from an external DNS site which cannot resolve internal AD resources. However, this VLAN does get its IP address from a Windows server running DHCP server inside the private network. The wireless laptops do not directly authenticate to AD in any way. Occasionally someone on these laptops accesses the public facing Outlook Web Access using the externally published addresses. None of the public wireless VLANs are defined in Sites and Services since there is no need for a DC to authenticate against. We have proven that no one on those public VLANs can access internal resources. However, occasionally we see a Sites and Services unauthorized VLAN error being generated from the public VLAN.

Since we know the ACLs block any use of the internal resources, are these messages being generated solely by the DHCP request that is allowed to go from the outside to the inside network? Could it be generated by the external call to OWA that originates from the public segment? We see no such messages when people are outside our network on the internet.

Should those non-AD authenticating VLAN segments actually be defined in Sites and Services anyway? We have been thinking of bringing up Cisco's DHCP server to simply hand out some IP addresses on these public networks if the act of using DHCP is causing the Sites and Services unauthorized VLAN alerts.

I'd appreciate your thoughts on how best to handle this.
ASKER CERTIFIED SOLUTION
ekderbark
