Solved

Separate Wi-Fi clients from the domain DHCP server allocation?

Posted on 2014-02-11
11
1,068 Views
Last Modified: 2014-02-25
My client (a small college) has a Windows SBS server running dns, dhcp, etc. There are approx. 50 desktops used by college staff and students.

Additionally, students are allowed to connect to the college's Wi-Fi using their iPhones, iPads, etc. in order to browse the internet.

There is a Netgear DSL modem, a Sonicwall Firewall and 5 CISCO wireless access points throughout the building.

Windows SBS DHCP server is configured to allocate IP Addresses from 192.168.0.50 - 192.168.0.200. Everything else is reserved for printers, ip phones and networking equipment above.

The problem I have is that students using Wi-Fi from their phones/tablets, get allocated an IP Address by the DHCP server and soon after the DHCP server runs out of IP addresses to allocate.

These Wi-Fi clients dont need access to the college's network. They only need internet access.

How can I resolve this issue?
0
Comment
Question by:cgruber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 20

Expert Comment

by:edster9999
ID: 39851404
You could
1.
expand the network to allow more IPs in the same range.
so instead of 192.168.0.1 - 192.168.0.255
you could use 192.168.0.1 - 192.168.1.255
Giving 510 usable address instead of 253.

You do this by changing the subnetwork to 255.255.254.0 (instead of 255.255.255.0)

or 2.
You could have two subnets.  So you keep 192.168.0.X for what you have today
and then put 192.168.1.X just for wireless.
Both networks would have the 255.255.255.0 subnet
and the router / dhcp would have to be setup to route and assign the addresses.
0
 
LVL 4

Expert Comment

by:amclaughlin01
ID: 39851405
Does anyone connect through the wireless that would have the need to connect to the college's network?

Is there a controller in play or are these APs standalone devices?  Usually, there is is a setting to allow for guest connections through the APs that would be on their own IP addresses and only have access to the Internet not the internal network.

Other option would be to setup a second IP address subnet with it's own DHCP pool of addresses that could be used just for the wireless network.  This would entail creating a separate VLAN and assigning the ports on the switches that the APs are patched into.  Then when a DHCP request from the wireless came through, it would recognize that it was coming through on the VLAN and assign an appropriate IP address.

What make/model are your switches?  Are they Cisco also?

If they are Cisco, here is some information on configuring VLANs on them:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/VLANs.html
0
 
LVL 8

Accepted Solution

by:
Mandeep Khalsa earned 500 total points
ID: 39851434
To separate your WiFi with your physical network you should use Sonicwall. Configure a port say X4 on the Sonicwall to be part of the WLAN zone and turn on the DHCP Server for that zone. Connect all your Cisco AP's to that port (X4) using a switch. Then update your firewall rules to deny traffic flow from WLAN to LAN.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:cgruber
ID: 39851444
Yes, some wi-fi clients (such as staff with laptops) will still need access to the college's network.

switches arent cisco.

I dont want to expand the current network to allow more Ips, I want to keep the hotspot users away form the network.
0
 

Author Comment

by:cgruber
ID: 39851451
KhalsaComputer - That sounds interesting. I will try that on the Sonicwall with just one WAP and see if it works
0
 
LVL 8

Expert Comment

by:Mandeep Khalsa
ID: 39851461
Just so you know doing it with the Sonicwall will stop your staff members with laptops from accessing the network unless you put in specific firewall rules.
0
 

Author Comment

by:cgruber
ID: 39851479
I could simply setup a separate WAP in the staff office which would bypass the Sonicwall and have its own SSID and passcode !?
0
 
LVL 8

Expert Comment

by:Mandeep Khalsa
ID: 39851498
Yes a separate WAP that is placed on your LAN will continue to give you the same results that you are achieving currently, the only difference being the SSID and password will be restricted to staff only.
0
 
LVL 4

Expert Comment

by:amclaughlin01
ID: 39851566
I am not absolutely positive on the Sonicwall, but most WAPs will allow for multiple SSIDs.

You might be able to configure all your Sonicwalls with one SSID for staff and another SSID for guests, which would eliminate having to add additional WAPs
0
 
LVL 8

Expert Comment

by:Mandeep Khalsa
ID: 39851693
From my understanding the newer models of Sonicwall are capable of having multiple SSID's however in this case, if we are going to block the whole WLAN zone from accessing the network multiple SSID's will accomplish nothing.
0
 
LVL 8

Expert Comment

by:Mandeep Khalsa
ID: 39851748
Just remembered that Sonicwall by default only allows SonicPoints to pass traffic on the WLAN so you will have to do one more step for this to work. Go to Network -> Zone -> WLAN and under wireless tab, uncheck the box for "sonicpoints" only (should be at the bottom).
0

Featured Post

Schedule a Tour of the ATEN booth at InfoComm 2017

Tour the ATEN booth to see the the Latest Addition to the Modular Matrix Switch Series, New 4K HDMI Over IP Extender and more! Enter ATEN's Ultimate Giveaway Sweepstakes for a chance to win one of several great prizes, including an ATEN US7220 2-Port Thunderbolt 2 Sharing Switch!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question