Solved

bypassing iprism web filter

Posted on 2010-11-22
1,460 Views
Last Modified: 2012-05-10
OK, here's what I got: I have a St. Bernard iPrism model 20 with software version 6.402 that filters quite a few VLANs for Internet traffic. I am putting in 8 Cisco Aironet 1252 access points. What I want to be able to do is bypass the web filter for anyone connected to the access points. This is basically going to be a public Internet access hotspot. Any ideas?
Question by:jasonmichel
7 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
If the AP is going to give out IP addresses, you could write a network exception for that segment with the PassAll profile. If the IPs are going to live on your main LAN I'm not sure it's possible, unless all wireless connections are going to live in a certain range of IPs and then again, the Network set up with a PassAll profile would probably work.

Another possibility would be to get a second Public IP and put a small layer 2 switch between the Internet access router and the iPrism. Then give the AP its own Public IP. This will in effect wall off all of the Wireless traffic from your local LAN. We've done that at my company and it works really well.
0
 
LVL 1

Author Comment

by:jasonmichel
I have a total of 8 APs. I know we don't have that many public, so maybe I need to look into the idea of creating a DHCP scope on the APs and just allowing those IPs to pass through the iPrism, or maybe get an additional IP to put on a cheap Linksys-type router and assign the APs' gateway as that in addition to creating the scope? What do you think?
0
 
LVL 28

Expert Comment

by:jhyiesla
Probably either would work. I would think the more "secure" solution would be to get a router and give it its own public IP and then have it assign IPs to the APs. This just separates the traffic really nicely and would help to secure your main LAN.  The other solution should work, but this just seems cleaner and more simple.
0
 
LVL 1

Author Comment

by:jasonmichel
How would I get around the current DHCP server? Specify a helper in the Aironets?
0
 
LVL 28

Expert Comment

by:jhyiesla
A router/switch is probably going to have to be involved somewhere, although I am not knowledgeable about the specifics of the Aironets. So, if for some reason you want to put these APs on your network infrastructure you would probably have to create a separate VLAN on your switch. The other solution is more simple because a switch/router directly connected to the Internet eliminates the need for any routing through your network and eliminates the need for messing with the iPrism.
0
 
LVL 1

Author Comment

by:jasonmichel
That's what I mean: even if I put another switch and router on the network, I can point the APs to that IP for the router, but I still need to have the clients that use the AP get DHCP from somewhere. The current DHCP server won't point to there, and we don't want everyone unfiltered.
0
 
LVL 28

Expert Comment

by:jhyiesla
If the APs can't send DHCP, and they most likely can't, then your switch/router would have to be able to do that. And that would be the case with either solution. I know that my home router will do that and that's how my devices, both wired and wireless, get their IP addresses. I would assume that your main LAN router/switch would probably do that and if you'd choose to bypass that and use a separate router that ought to do it as well.
0
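A pre-change check for the options discussed in this thread, added here as an example and not posted by either participant: before exempting a wireless range from filtering, confirm that the range contains the whole hotspot DHCP pool and overlaps none of the VLANs that must stay filtered. The subnets, the `check_exception` function and the 4x width threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing plan; none of these values come from the thread.
FILTERED_VLANS = {
    "staff": "10.10.0.0/22",
    "servers": "10.10.8.0/24",
    "voice": "10.10.16.0/23",
}


def check_exception(exception_cidr, pool_first, pool_last, filtered_vlans):
    """Return a list of problems with a proposed unfiltered (pass-all) range.

    exception_cidr: network the web filter would exempt
    pool_first / pool_last: DHCP pool handed to hotspot clients
    filtered_vlans: name -> CIDR of networks that must stay filtered
    """
    problems = []
    # strict=True rejects a CIDR with host bits set (e.g. 10.10.32.5/24).
    exception = ipaddress.ip_network(exception_cidr, strict=True)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)

    if first > last:
        problems.append("DHCP pool start is above pool end")
    # Every lease must fall inside the exempted range.
    for addr in (first, last):
        if addr not in exception:
            problems.append(f"pool address {addr} is outside {exception}")
    # The exemption must not touch any network that is supposed to stay filtered.
    for name, cidr in filtered_vlans.items():
        net = ipaddress.ip_network(cidr)
        if exception.overlaps(net):
            problems.append(f"exception {exception} overlaps filtered VLAN {name} ({net})")
    # Assumed rule of thumb: an exemption more than 4x the pool size leaves
    # a lot of unfiltered address space that nothing is supposed to use.
    pool_size = int(last) - int(first) + 1
    if first <= last and exception.num_addresses > 4 * pool_size:
        problems.append(
            f"exception covers {exception.num_addresses} addresses for a pool of {pool_size}"
        )
    return problems


if __name__ == "__main__":
    for issue in check_exception("10.10.0.0/16", "10.10.32.10", "10.10.32.250", FILTERED_VLANS):
        print("PROBLEM:", issue)
```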
