Solved

bypassing iprism web filter

Posted on 2010-11-22
7
1,494 Views
Last Modified: 2012-05-10
ok, heres what i got,  I have a st. benard iprism model 20 with software version 6.402 that filters quite a few vlans for internet traffic.  I am putting in 8 Cisco Aironet 1252 Access points, What I want to be able to do is bypass the webfilter for anyone connected to the access points.. This is basically going to be a public internet access hotspot.  any ideas?
0
Comment
Question by:jasonmichel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 34190762
If the AP is going to give out IP addresses, you could write a network exception for that segment with the PassAll profile. If the IPs area going to live on your main LAN I'm not sure it's possible, unless all wireless connections are going live in a certain range of IPs and then again, the Network set up with a PassAll profile would probably work.  

Another possibility would be to get a second Public IP and put a small layer 2 switch between the Internet access router and the iPrism. Then give the AP it's own Public IP. This will in effect wall off all of the Wireless traffic from your local LAN. We've done that at my company and it works really well.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 34191930
i have a total of 8 AP's , i know we don't have that many  public, so maybe i need to look into the idea of creating a DCHP scope on the AP's and just allowing those IP's to pass through the iprism, or maybe get an additional IP to put on a cheap linksys type router and assign the AP's gateway as that in addition to creating the scope?  what do you think?
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196274
Probably either would work. I would think the more "secure" solution would be to get a router and give it its own public IP and then have it assign IPs to the APs. This just separates the traffic really nicely and would help to secure your main LAN.  The other solution should work, but this just seems cleaner and more simple.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:jasonmichel
ID: 34196686
how would i get around the current dhcp server, specify a helper in the aironets?
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196766
A router/switch is probably going to have to be involved somewhere, although I am not knowledgeable about the specifics of the Aironets. So, if for some reason you want to put these APs on your network infrastructure you would probably have to create a separate VLAN on your switch. The other solution is more simple because a switch/router directly connected to the Internet eliminates the needs for any routing through your network and eliminates the need for messing with the iPrism.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 34196814
thats what i mean, even if i put another switch and router on the network, i can point the AP's to that IP for the router, but i still need to have the clients that use the AP get DHCP from somewhere.  the current DHCP server won't point to there, and we don't want everyone unfiltered
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196860
If the APs can't send DHCP, and they most likely can't, then your switch/router would have to be able to do that.  And that would be the case with either solution. I know that my home router will do that and that's how my devices, both wired and wireless get their IP addresses. I would assume that your main LAN router/switch would probably to that and if you'd choose to bypass that and use a separate router that ought to do it as well.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question