With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!
Course Of The Month
6 days, 19 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Unifi
Posted on 2016-08-23
Good day all, I would like to setup a wireless environment that will be able to access the Data network. the reason for this is an inventory application that i need to access via notebook (wireless) in a warehouse. Along with security of course.
I have purchased Unifi AP LR and ToughSwitch.
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Please remember Security in mind. Is this the correct method or do i need to inject a Security Gateway Device?
The ToughSwitch is the only managed device.
I have purchased Unifi AP LR and ToughSwitch.
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Please remember Security in mind. Is this the correct method or do i need to inject a Security Gateway Device?
The ToughSwitch is the only managed device.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
8
5-
4
17 Comments
Active 1 day ago
Here is the diagram
Wifi.jpg
Wifi.jpg
Active today
What type of environment is jt, active directory? Will other devices need to access the wireless, but not internal systems?
In an ideal case, you could implement something like 802.1x, a guest wireless network, and multiple VLANs.
In an ideal case, you could implement something like 802.1x, a guest wireless network, and multiple VLANs.
Active today
UniFi APs are nothing more than an access point.
You need to have a server (Windows, Linux or other) or a router/firewall that can provide such leases to your network devices.
Alternatively, you could use your UniFi controller to lease IP Addresses to your network.
Do you have a DHCP server?
You need to have a server (Windows, Linux or other) or a router/firewall that can provide such leases to your network devices.
Alternatively, you could use your UniFi controller to lease IP Addresses to your network.
Do you have a DHCP server?
Active 1 day ago
The network has a DHCP Server. In an Active Directory Environment. How i have it right now is the uplink from the data network, retrieving a DHCP lease on the APs and i am able to connect.
Security is a problem. Once the SSID and Authentication has been given out i am a little worried that compromise of the data network will be a posibility.
Security is a problem. Once the SSID and Authentication has been given out i am a little worried that compromise of the data network will be a posibility.
Active today
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Yes.
For what you seem to want to do, that is a method that could work. However, there are things you can do to make the network even more secure. However, more details need to be shared, such as whether or not there is a domain in place. Also, we'd need to know if others might need to access the same application or other network resoruces wirelessly.
Active 1 day ago
This is a Domain setting and yes users need to access an inventory database housed on the network, Wirelessly.
Active today
I highly recommend you only use 1 DHCP server on your network but using more than one can potentially complicate your life(IMO)
I manage a client's AD and unifi AP network.
I only configured one DHCP Server to manage their Corporate network, Guest Network and a sub company that is on a completely separate vLAN.
DHCP is not the issue with wireless on your network. If you have Windows, use a GPO to configure your wireless setting with 802.1x wireless settings.
At the end of the day, you are going to have to let staff know that their username and password are used for authentication.
The UniFi AP does not publish or store device leases, this is done by the Unifi application. Have you installed this on a server(Linux or Windows server)? You need this to manage your UniFi AP devices
I manage a client's AD and unifi AP network.
I only configured one DHCP Server to manage their Corporate network, Guest Network and a sub company that is on a completely separate vLAN.
DHCP is not the issue with wireless on your network. If you have Windows, use a GPO to configure your wireless setting with 802.1x wireless settings.
At the end of the day, you are going to have to let staff know that their username and password are used for authentication.
The UniFi AP does not publish or store device leases, this is done by the Unifi application. Have you installed this on a server(Linux or Windows server)? You need this to manage your UniFi AP devices
Active 1 day ago
The problem is that the only managed device is the ToughSwitch, everything else is generic. So creating vLANs might be an issue. With regards to the GPO, i am assuming you want to authenticate, but what if the notebooks are using Home Edition that cannot be attached to the domain?
Active today
I lost the post I was going to put up yesterday, which mentioned a lot of things that nappy_d mentioned.
What type of router or firewall are you using? You might be able to implement the VLANs from there, and configure your AP(s) to have multiple wireless networks that are attached to different VLANs.
Is your AD server also the DHCP server, or is your firewall/router serving that role?
You should use 802.1X or RADIUS for authentication. You should be able to accomplish quite a bit through NPS on your server. Good question about how it interacts with Home Edition.
What type of router or firewall are you using? You might be able to implement the VLANs from there, and configure your AP(s) to have multiple wireless networks that are attached to different VLANs.
Is your AD server also the DHCP server, or is your firewall/router serving that role?
You should use 802.1X or RADIUS for authentication. You should be able to accomplish quite a bit through NPS on your server. Good question about how it interacts with Home Edition.
Active 1 day ago
I may have a simple solution. I created a scope for all wireless users and blocked the internet anyone outside of the scope i created a reservations so that they can access the internet. I may also use mac filtering to allow internet. Will this work?
Active today
Who falls in the scope, users not needing the application?
MAC filtering may work for your purpose since it seems to be a very small environment. How exactly are you utilizing it?
MAC filtering may work for your purpose since it seems to be a very small environment. How exactly are you utilizing it?
Active 1 day ago
In the scope it has content filtering enable to deny internet. MAc filtering will be for Wireless users that need to have access to both.
Active today
I would rethink Windows 10 Home edition as it's called that for a reason and you may not get all of the Enterprise level management as you would expect from Windows 10 pro.
How many network switches do you have? Can you post a diagram and their connectivity?
DHCP and filtering with MAC/IP address is not necessarily the best security for wireless. MAC addresses can be spoofed.
Do you have the UniFi management appliance installed?
How many network switches do you have? Can you post a diagram and their connectivity?
DHCP and filtering with MAC/IP address is not necessarily the best security for wireless. MAC addresses can be spoofed.
Do you have the UniFi management appliance installed?
Active today
Missed that :)
Bottom line; you need to replace that unmanaged switch with this or similar: https://www.amazon.com/NETGEAR-ProSAFE-JGS524E-Rackmount-JGS524Ev2/dp/B00GG1AD9A
That is the ONLY way you get to implement proper vLANs. MAC filtering is no security.
You've spent all that money on the UniFi APs and toughswitch, this additional switch is not that big of a stretch on the wallet.
Bottom line; you need to replace that unmanaged switch with this or similar: https://www.amazon.com/NETGEAR-ProSAFE-JGS524E-Rackmount-JGS524Ev2/dp/B00GG1AD9A
That is the ONLY way you get to implement proper vLANs. MAC filtering is no security.
You've spent all that money on the UniFi APs and toughswitch, this additional switch is not that big of a stretch on the wallet.
Featured Post
On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Coaxial cable bending
There are several factors that govern the selection of coaxial cable for your Machine to Machine (M2M) application: the location of cable runs, either indoor or outdoor, inside or outside an enclosure, maximum bending and the…
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability.
This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually.
After setting up a router, find the network security…
Suggested Courses
Course of the Month6 days, 19 hours left to enroll
724 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.