bypassing iprism web filter

ok, heres what i got,  I have a st. benard iprism model 20 with software version 6.402 that filters quite a few vlans for internet traffic.  I am putting in 8 Cisco Aironet 1252 Access points, What I want to be able to do is bypass the webfilter for anyone connected to the access points.. This is basically going to be a public internet access hotspot.  any ideas?
LVL 1
jasonmichelAsked:
Who is Participating?
 
jhyieslaCommented:
If the AP is going to give out IP addresses, you could write a network exception for that segment with the PassAll profile. If the IPs area going to live on your main LAN I'm not sure it's possible, unless all wireless connections are going live in a certain range of IPs and then again, the Network set up with a PassAll profile would probably work.  

Another possibility would be to get a second Public IP and put a small layer 2 switch between the Internet access router and the iPrism. Then give the AP it's own Public IP. This will in effect wall off all of the Wireless traffic from your local LAN. We've done that at my company and it works really well.
0
 
jasonmichelAuthor Commented:
i have a total of 8 AP's , i know we don't have that many  public, so maybe i need to look into the idea of creating a DCHP scope on the AP's and just allowing those IP's to pass through the iprism, or maybe get an additional IP to put on a cheap linksys type router and assign the AP's gateway as that in addition to creating the scope?  what do you think?
0
 
jhyieslaCommented:
Probably either would work. I would think the more "secure" solution would be to get a router and give it its own public IP and then have it assign IPs to the APs. This just separates the traffic really nicely and would help to secure your main LAN.  The other solution should work, but this just seems cleaner and more simple.
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
jasonmichelAuthor Commented:
how would i get around the current dhcp server, specify a helper in the aironets?
0
 
jhyieslaCommented:
A router/switch is probably going to have to be involved somewhere, although I am not knowledgeable about the specifics of the Aironets. So, if for some reason you want to put these APs on your network infrastructure you would probably have to create a separate VLAN on your switch. The other solution is more simple because a switch/router directly connected to the Internet eliminates the needs for any routing through your network and eliminates the need for messing with the iPrism.
0
 
jasonmichelAuthor Commented:
thats what i mean, even if i put another switch and router on the network, i can point the AP's to that IP for the router, but i still need to have the clients that use the AP get DHCP from somewhere.  the current DHCP server won't point to there, and we don't want everyone unfiltered
0
 
jhyieslaCommented:
If the APs can't send DHCP, and they most likely can't, then your switch/router would have to be able to do that.  And that would be the case with either solution. I know that my home router will do that and that's how my devices, both wired and wireless get their IP addresses. I would assume that your main LAN router/switch would probably to that and if you'd choose to bypass that and use a separate router that ought to do it as well.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.