The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.
COURSE of the MONTH
12 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Unifi
Posted on 2016-08-23
Good day all, I would like to setup a wireless environment that will be able to access the Data network. the reason for this is an inventory application that i need to access via notebook (wireless) in a warehouse. Along with security of course.
I have purchased Unifi AP LR and ToughSwitch.
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Please remember Security in mind. Is this the correct method or do i need to inject a Security Gateway Device?
The ToughSwitch is the only managed device.
I have purchased Unifi AP LR and ToughSwitch.
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Please remember Security in mind. Is this the correct method or do i need to inject a Security Gateway Device?
The ToughSwitch is the only managed device.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
8
5-
4
17 Comments
Active 3 days ago
Here is the diagram
Wifi.jpg
Wifi.jpg
Active today
What type of environment is jt, active directory? Will other devices need to access the wireless, but not internal systems?
In an ideal case, you could implement something like 802.1x, a guest wireless network, and multiple VLANs.
In an ideal case, you could implement something like 802.1x, a guest wireless network, and multiple VLANs.
Active 1 day ago
UniFi APs are nothing more than an access point.
You need to have a server (Windows, Linux or other) or a router/firewall that can provide such leases to your network devices.
Alternatively, you could use your UniFi controller to lease IP Addresses to your network.
Do you have a DHCP server?
You need to have a server (Windows, Linux or other) or a router/firewall that can provide such leases to your network devices.
Alternatively, you could use your UniFi controller to lease IP Addresses to your network.
Do you have a DHCP server?
Active 3 days ago
The network has a DHCP Server. In an Active Directory Environment. How i have it right now is the uplink from the data network, retrieving a DHCP lease on the APs and i am able to connect.
Security is a problem. Once the SSID and Authentication has been given out i am a little worried that compromise of the data network will be a posibility.
Security is a problem. Once the SSID and Authentication has been given out i am a little worried that compromise of the data network will be a posibility.
Active today
While configuring, I found that the AP doesn't publish leased IPs to clients, so i a acquire an ip from the DATA network Server and pass it through to the APs?
Yes.
For what you seem to want to do, that is a method that could work. However, there are things you can do to make the network even more secure. However, more details need to be shared, such as whether or not there is a domain in place. Also, we'd need to know if others might need to access the same application or other network resoruces wirelessly.
Active 3 days ago
This is a Domain setting and yes users need to access an inventory database housed on the network, Wirelessly.
Active 1 day ago
I highly recommend you only use 1 DHCP server on your network but using more than one can potentially complicate your life(IMO)
I manage a client's AD and unifi AP network.
I only configured one DHCP Server to manage their Corporate network, Guest Network and a sub company that is on a completely separate vLAN.
DHCP is not the issue with wireless on your network. If you have Windows, use a GPO to configure your wireless setting with 802.1x wireless settings.
At the end of the day, you are going to have to let staff know that their username and password are used for authentication.
The UniFi AP does not publish or store device leases, this is done by the Unifi application. Have you installed this on a server(Linux or Windows server)? You need this to manage your UniFi AP devices
I manage a client's AD and unifi AP network.
I only configured one DHCP Server to manage their Corporate network, Guest Network and a sub company that is on a completely separate vLAN.
DHCP is not the issue with wireless on your network. If you have Windows, use a GPO to configure your wireless setting with 802.1x wireless settings.
At the end of the day, you are going to have to let staff know that their username and password are used for authentication.
The UniFi AP does not publish or store device leases, this is done by the Unifi application. Have you installed this on a server(Linux or Windows server)? You need this to manage your UniFi AP devices
Active 3 days ago
The problem is that the only managed device is the ToughSwitch, everything else is generic. So creating vLANs might be an issue. With regards to the GPO, i am assuming you want to authenticate, but what if the notebooks are using Home Edition that cannot be attached to the domain?
Active today
I lost the post I was going to put up yesterday, which mentioned a lot of things that nappy_d mentioned.
What type of router or firewall are you using? You might be able to implement the VLANs from there, and configure your AP(s) to have multiple wireless networks that are attached to different VLANs.
Is your AD server also the DHCP server, or is your firewall/router serving that role?
You should use 802.1X or RADIUS for authentication. You should be able to accomplish quite a bit through NPS on your server. Good question about how it interacts with Home Edition.
What type of router or firewall are you using? You might be able to implement the VLANs from there, and configure your AP(s) to have multiple wireless networks that are attached to different VLANs.
Is your AD server also the DHCP server, or is your firewall/router serving that role?
You should use 802.1X or RADIUS for authentication. You should be able to accomplish quite a bit through NPS on your server. Good question about how it interacts with Home Edition.
Active 3 days ago
I may have a simple solution. I created a scope for all wireless users and blocked the internet anyone outside of the scope i created a reservations so that they can access the internet. I may also use mac filtering to allow internet. Will this work?
Active today
Who falls in the scope, users not needing the application?
MAC filtering may work for your purpose since it seems to be a very small environment. How exactly are you utilizing it?
MAC filtering may work for your purpose since it seems to be a very small environment. How exactly are you utilizing it?
Active 3 days ago
In the scope it has content filtering enable to deny internet. MAc filtering will be for Wireless users that need to have access to both.
Active 1 day ago
I would rethink Windows 10 Home edition as it's called that for a reason and you may not get all of the Enterprise level management as you would expect from Windows 10 pro.
How many network switches do you have? Can you post a diagram and their connectivity?
DHCP and filtering with MAC/IP address is not necessarily the best security for wireless. MAC addresses can be spoofed.
Do you have the UniFi management appliance installed?
How many network switches do you have? Can you post a diagram and their connectivity?
DHCP and filtering with MAC/IP address is not necessarily the best security for wireless. MAC addresses can be spoofed.
Do you have the UniFi management appliance installed?
Active 1 day ago
Missed that :)
Bottom line; you need to replace that unmanaged switch with this or similar: https://www.amazon.com/NETGEAR-ProSAFE-JGS524E-Rackmount-JGS524Ev2/dp/B00GG1AD9A
That is the ONLY way you get to implement proper vLANs. MAC filtering is no security.
You've spent all that money on the UniFi APs and toughswitch, this additional switch is not that big of a stretch on the wallet.
Bottom line; you need to replace that unmanaged switch with this or similar: https://www.amazon.com/NETGEAR-ProSAFE-JGS524E-Rackmount-JGS524Ev2/dp/B00GG1AD9A
That is the ONLY way you get to implement proper vLANs. MAC filtering is no security.
You've spent all that money on the UniFi APs and toughswitch, this additional switch is not that big of a stretch on the wallet.
Featured Post
Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now. But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability.
This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually.
After setting up a router, find the network security…
Suggested Courses
Course of the Month12 days, 9 hours left to enroll
777 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.