Adtran routers will do this, too. I’m in the midst of creating my “guest” wireless VLAN. The nice thing about the HP M110 access points is that you can create two communities – on separate VLANs. One for your users and one for your guests.
Sean Rector, MCSE From: Harry Singh [mailto:hbo...@gmail.com] Sent: Wednesday, August 03, 2011 2:01 PM To: NT System Admin Issues Subject: Re: VLAN N00b +1 I have zero experience with Sonicwall, but being a Juniper user for years, this is something you can accomodate should you have a spare interface on your Juniper FW. You assign it a zone to it, if you like, or simply make in an "untrusted" port and route out to and from it, assign DHCP and policies. On Wed, Aug 3, 2011 at 1:44 PM, Paul Hutchings <paul.hutchi...@mira.co.uk> wrote: Does the Sonicwall have the concept of “Zones” and can it act as a DHCP server with different scopes per interface? Using a Juniper as an example, you configure an interface as a Zone (called, say, “Guest”) and assign it an interface and run a DHCP server on that interface. Paul From: David Lum [mailto:david....@nwea.org] Sent: 03 August 2011 15:27 To: NT System Admin Issues Subject: VLAN N00b So…I bought a wireless AP and it looks like I get to delve into learning a little VLANing. Environment: DNS,DHCP server (2003 SBS server, Domain controller) Second DC (2003 R2 Server) SonicWall Firewall Dell PowerConnect 3448 17 Domain PC’s HP M110 Wireless AP with non-domain PC’s using this to get to the Internet. Desired result for WLAN clients: · Able to get to the Internet, but not be able to see any domain systems. · DNS configured to non-domain server (SonicWall would be OK) I can VLAN with the PowerConnect and make it so that AP can only get to the firewall, but my issue then is how will any clients get assigned an IP address. I can configure the Sonicwall to hand out IP’s but then I lose control of IP’s (reservations, etc) from the SBS system. It looks like I should divorce DHCP from the SBS server and put it on the 2nd DC and allow the AP to see the one DC and the Sonicwall. Here’s a document I found helpful: http://www.dell.com/downloads/global/products/pwcnt/en/howto_config_private_vlans.pdf From that, the SBS server and all domain PC’s would be in Community 10 The AP would be in Community 11 The firewall and 2nd DC (now doing DHCP) would be promiscuous. Is that too big of a risk? The HP110 can do RADIUS and I did install that capability on the 2nd DC but I don’t really know what I’m doing here. This would get me close to my desired result. Can RADIUS be used to conditionally hand out IP addresses? What would be nice is the ability to have it so VLAN1 (Community 10 in the diagram) gets some IP settings, VLAN2 (Community 11) gets others – namely a different DNS server. All thoughts and comments welcome. David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org Phone: (757) 213-4548 (direct line) {+} Tickets and Subscriptions On Sale Now! Aida | Hansel And Gretel | Orphée | The Mikado Visit us online at www.VaOpera.org or call 1-866-OPERA-VA Experience the Beauty, Power & Passion of Virginia Opera. This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
