IBSIT
asked on
Unifi
Good day all, I would like to setup a wireless environment that will be able to access the Data network. the reason for this is an inventory application that i need to access via notebook (wireless) in a warehouse. Along with security of course.
I have purchased Unifi AP LR and ToughSwitch.
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Please remember Security in mind. Is this the correct method or do i need to inject a Security Gateway Device?
The ToughSwitch is the only managed device.
I have purchased Unifi AP LR and ToughSwitch.
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Please remember Security in mind. Is this the correct method or do i need to inject a Security Gateway Device?
The ToughSwitch is the only managed device.
Last Comment
What type of environment is jt, active directory? Will other devices need to access the wireless, but not internal systems?
In an ideal case, you could implement something like 802.1x, a guest wireless network, and multiple VLANs.
In an ideal case, you could implement something like 802.1x, a guest wireless network, and multiple VLANs.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
The network has a DHCP Server. In an Active Directory Environment. How i have it right now is the uplink from the data network, retrieving a DHCP lease on the APs and i am able to connect.
Security is a problem. Once the SSID and Authentication has been given out i am a little worried that compromise of the data network will be a posibility.
Security is a problem. Once the SSID and Authentication has been given out i am a little worried that compromise of the data network will be a posibility.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
This is a Domain setting and yes users need to access an inventory database housed on the network, Wirelessly.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
The problem is that the only managed device is the ToughSwitch, everything else is generic. So creating vLANs might be an issue. With regards to the GPO, i am assuming you want to authenticate, but what if the notebooks are using Home Edition that cannot be attached to the domain?
I lost the post I was going to put up yesterday, which mentioned a lot of things that nappy_d mentioned.
What type of router or firewall are you using? You might be able to implement the VLANs from there, and configure your AP(s) to have multiple wireless networks that are attached to different VLANs.
Is your AD server also the DHCP server, or is your firewall/router serving that role?
You should use 802.1X or RADIUS for authentication. You should be able to accomplish quite a bit through NPS on your server. Good question about how it interacts with Home Edition.
What type of router or firewall are you using? You might be able to implement the VLANs from there, and configure your AP(s) to have multiple wireless networks that are attached to different VLANs.
Is your AD server also the DHCP server, or is your firewall/router serving that role?
You should use 802.1X or RADIUS for authentication. You should be able to accomplish quite a bit through NPS on your server. Good question about how it interacts with Home Edition.
ASKER
I may have a simple solution. I created a scope for all wireless users and blocked the internet anyone outside of the scope i created a reservations so that they can access the internet. I may also use mac filtering to allow internet. Will this work?
Who falls in the scope, users not needing the application?
MAC filtering may work for your purpose since it seems to be a very small environment. How exactly are you utilizing it?
MAC filtering may work for your purpose since it seems to be a very small environment. How exactly are you utilizing it?
ASKER
In the scope it has content filtering enable to deny internet. MAc filtering will be for Wireless users that need to have access to both.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I posted a diagram earlier.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Agreed. I thank you all for your advice. appreciate it.
If you need help with the configure DM me. I have several clients with this hardware.
Wireless Networking
Wireless networking is anything related to the transfer of data between two (or more) devices without the use of a physical connection, ranging from getting advice on a new Bluetooth headset to configuring sophisticated enterprise level networks.
19K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Wifi.jpg