0

I'm about to set up a wireless network with an Active Directory domain. The problem is that the desktops they have at the office should connect via AD so they get access to shared resources, gp etc. But they also have frequent guests that just need Internet access.

My idea is to connect the server to the Internet via ethernet and then have the clients connect to the server via a wireless access point.

Where do I set up these two WiFi networks, in the access point? And how do I make the server give Internet connection to those that are not in the domain?

I have no experience with networks of this complexity. All help is appreciated but please keep that in mind.

Regards, Gabriel

gabbsmo

2 Answers

1

As the guests will bring their own machines, you can provide a second ‘guest’ SSID for WiFi access. I would avoid anything to do with Active Directory and the Domain in this case and solve this with pure networking technology.

This can be done with a single access point like the DrayTek AP-800 we use. It allows us to provide a private SSID that connects to the corporate network for business laptops and a Guest SSID for visitors that is on a different subnet and just uses the same gateway for Internet access so they can collect their mail etc.

Or you can just buy a second access point for the guest WiFi and configure it separately for just Internet access. Depending on your router you could possibly also set QoS limits on the guest port where the access point is connected to make sure the business users get priority.

Edit to answer comments

  • Yes, there are wireless routers that have dual separate wireless capability, but you usually get more configuration options with an extra access point (in my personal experience the router is usually in a cupboard or server room and you don't really need wireless there; you want to be able to place the access point in the office / meeting room areas).

  • For wireless devices that offer multiple SSID networks, like the DrayTek AP-800, the networks are totally separate; check out their product page for more info on that.

  • To counter dead spots, if you buy a second access point and set it up in 'Repeater mode' you can extend the coverage of both the separate networks.

best
  • Are there wireless routers that have this dual SSID feature? Or are there any benefits in having a wireless access point connected to a wired router? Even if the two SSIDs are on the same access point the network with AD and the one without will still be separate from each other? – gabbsmo Mar 03 '12 at 13:26
  • Also, they have problems with "dead spots" in their current setup so I'll probably have to add a repeater or two. Will a repeater "repeat" both of the SSIDs? – gabbsmo Mar 03 '12 at 13:46
  • One that includes that feature will do. I know you've said you don't have a lot of experience, and that's fine, but what we're doing here isn't magic either. All these things have a specification and if you want something to do a particular job you just need to read the specification and check that it includes whatever it is you are trying to do. – Rob Moir Mar 03 '12 at 14:23
0

> I'm about to set up a wireless network with an Active Directory domain. The problem is that the desktops they have at the office should connect via AD so they get access to shared resources, gp etc. But they also have frequent guests that just need Internet access.

> My idea is to connect the server to the Internet via ethernet and then have the clients connect to the server via a wireless access point.

Here's your first problem. It sounds like you're connecting a server running Active Directory directly to the Internet? Don't do that. Seriously, just don't. It's a horrible potential security hole, and it sounds like you're going to have to dual-home the server (more than one network card), which is also a good recipe for failure with a server running AD.

> Where do I set up these two WiFi networks, in the access point?

Yes, assuming your access point supports it. You can have different SSIDs for guest and 'trusted' computers. Depending on how your network is set up, you may then be able to route 'guest' traffic so that people on this network can't see your trusted network traffic, which I'd suggest is a good idea.

> And how do I make the server give Internet connection to those that are not in the domain?

That rather depends on how the server currently "gives" an Internet connection to your trusted machines that are in the domain.

> I have no experience with networks of this complexity. All help is appreciated but please keep that in mind.

I'd seriously suggest that you need to hire in some on-site help with setting this up, at this point. It sounds like you're connecting your Active Directory server (I hope you have more than one of those!) directly to the Internet and routing workstations through it, and that's nearly always the wrong answer to any question, unless the question is "how can I make my network overly complex, and rife with potential security flaws?"

Rob Moir
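
A check for the guest/trusted separation that both answers describe, as an added example that is not part of either answer: run from a laptop joined to the guest SSID, it should report the Internet as reachable and no domain controller service as reachable. The addresses are constructed placeholders, and the port list is the usual set of TCP ports a domain controller listens on.

```python
import socket

# TCP ports a domain controller commonly listens on.
AD_TCP_PORTS = {
    53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP",
    445: "SMB", 636: "LDAPS", 3268: "Global Catalog",
}


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name lookup failed
        return False


def check_guest_isolation(trusted_hosts, internet_target, probe=tcp_probe):
    """Run from a device on the guest SSID.

    Returns (leaks, internet_ok). leaks lists every (host, port, service)
    on the trusted network that the guest device was able to connect to.
    """
    leaks = []
    for host in trusted_hosts:
        for port, name in sorted(AD_TCP_PORTS.items()):
            if probe(host, port):
                leaks.append((host, port, name))
    internet_ok = probe(*internet_target)
    return leaks, internet_ok


if __name__ == "__main__":
    # Constructed placeholder: replace with your own DC / file server addresses.
    trusted = ["192.168.10.10"]
    leaks, internet_ok = check_guest_isolation(trusted, ("example.com", 443))
    for host, port, name in leaks:
        print(f"LEAK: guest can reach {name} on {host}:{port}")
    print("Internet reachable:", internet_ok)
    print("PASS" if internet_ok and not leaks else "FAIL")
```

A FAIL with leaks listed means the guest SSID is bridged or routed into the trusted subnet and the access point or router configuration needs revisiting.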