How to setup wireless access not to cross internal vlan?

hi folks,
I am about to set up a wireless network for our library users that come in from the public and bring their own laptops. We would like to have two options:
1) they can open their laptop and just jump on without any authentication. but this traffic should not cross my internal vlans. I was thinking i'd put the AP off the DMZ.
2) if they need to come inside they must create a vpn connection.
would this be considered 'secure'?
how best can i do this?

Putting the AP in your DMZ is one of the classic wireless security techniques. It's quite secure in terms of protecting your private network- although there's obviously no control or security regarding unknown users accessing the public internet. Basically, you're giving free internet access to anyone who wants to use it... if this doesn't bother you and your only concern is your own private resources, go for it.
Obviously, you'd need to make sure that your VPN solution is working properly for those users who are authorized for the private net.

Similar Messages

  • How to setup the access privilege of flash file in Web Intelligence?

    How to setup the access privilege of flash file in Web Intelligence?   WEBI can set access privilege for single WEBI report file, but it seem cano not set access privilege for one flash file.

    Thank you Maksim,
    I did set the "selectionMode" to "Auto". I don't understand where In supply function I have to set lead selection of nested node to first element. Please elaborate on this. Are you talking about the context attribute bound to the second table? OR do I have to change the Importing parameters "Node" and "Parent_Element" of my supply function?
    Thanks for your time.

  • How to setup external access in VM?

    We need to setup a Microsoft VM and allow external access without using my company VPN as we need to test the web services integration with other vendors. could you please help how to setup external access? Thanks

    Hi Wilson,
    As a prerequisite , that VM need to access the gateway .
    It means that you need to
    create an external virtual switch then connect that VM to external virtual switch then allocate a LAN IP for VM .
    http://technet.microsoft.com/en-us/library/jj647786.aspx
    After this you may think of this VM as a physical machine in your LAN then do what you need .
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • How to enable wireless access point for WRT300N

    From product data, "First, there’s the Wireless Access Point, which lets you connect to the network without wires."
    I already have a WRT54GX-V2 setup to modem.
    My intention for this WRT300N is to extend the network connectivity without any lan cable running along my house for those devices which only support LAN wire.
    Try to search/google around, there is no hint/help to configure AP in WRT300N.
    May I know how should I configure WRT300N so that i will be as an access point to WRT45GX-V2 without any wired connection between these 2 router.
    Thanks.

    Is that mean I can do that with WAP4400N only if we want to sustain wireless-N mode?
    Yes. With standard firmware, yes. (If there is a N WET wireless bridge, that would do it, too, of course)
    Is there any way to configure WRT300N to connect to WRT54GX by wireless?
    It may be possible if you can flash third party firmware like dd-wrt on the router (either one). I would suggest to check the dd-wrt wiki for notes on which routers are supported and which not. However, a bad flash may brick your router and it is probably not covered by warranty then...
    If use wired connection, do I need to change any configuration vs. default factory setup?
    If you can run a wire I would suggest this setup.
    EDIT: as Ricewind correctly noted, the Linksys WETs are the wireless bridges. The WRE is a repeater.
    Message Edited by gv on 04-13-2008 02:25 PM

  • How to setup remote access with E4200?

    Hi,
    I am new to this and I need help from you all on how to setup the E4200 so that I can access the media server when I am in office?  Is there a guide or step by step procedure on this?  I was browsing on the Cisco website and unable to find it. 

    The purpose of using DDNS is it substitutes the public/WAN ip address provided by your ISP.We all know that the ip address provided by our ISP(if we are not subscribe to a premium static ip address) is basically public and will always change from time to time.So it will be difficult for us to know what's the ip address our ISP has provided us and this will lead us problems accessing our router or ftp server remotely. Thus by using DDNS' it will now allow us to access the router remotely without knowing what's the WAN ip address.

  • How to setup Mobile Access Server

    Hi,
    I am trying to setup Mobile Access Server on my Mac Mini Server. The setup I have is a small network behind a Airport Extreme. I would like to give all users access to services using Mobile Access Server and was hoping initial setup was going to take care of that....no such luck.
    What do I fill in for the local servers? How do I access this service from the outside the lan? How do I need to configure my Airport (with the other services, it happened almost automatically from the security pane).
    Thanks,
    Ian

    Hi,
    In the field for local server you just type in the local dns name for your calendar server, mail server etc... Also select which port you want publish externally and the the correct port your service is actually using on your lan (Selected under advanced tab). Make sure your mobile access server can resolv your hostnames correctly. It should point to an local ip. If an nslookup shows your public ip, you have to correct your local dns server (This is often called split dns configuration.)
    To access this from outside your LAN you have setup NAT and permit the port you have configure your mobile access server to be the incomming port. How exactly you do that on the airport I am not sure, but I am sure it is explained in the user manual for the airport.
    I found this video about the mobile access server on youtube: http://www.youtube.com/watch?v=_VRgl2bncZU
    Hope this helps.
    Bernt

  • How to setup wireless printing with AirPort Express?

    Hey, I just bought a AirPort Express today and I can't figure out how to setup the usb wireless printing. Could someone explain in detail on how to do this? Thanks-Michael
    I have a Windows 7 64-bit PC and a Hp Deskjet F380 USB printer.

    Download the install Bonjour Print Services for Windows v2.0.2
    Run the program. Hopefully, your printer will be recognized.
    If it is, "install" the printer and try to print.
    Keep in mind that if you have an All-in-One type of device, that only the print function will be supported.
    Advanced features like copy, scan, maintenance, etc are not supported. You will need to connect the All-in-One directly to your PC if you need those services.

  • How to setup the access duration for user

    Dear experts,
    As requrement of users, we need to setup the access duration for all users of our company . It's mean users only access into SAP on defined duration
    Ex : Working time is 8h00 am to 17h00 pm, after 17h00 pm, users cannot access into system
    Please help.
    Thanks,
    Neo

    Hi all,
    Thanks for your solution
    We want to set the access duration for end-user but sometimes, we need to flexible to allow user access to system in some special case.
    Let me detail users's requirements
    - Users can access to SAP fom 8h00 to 16h00
    - At 16h00, system will send the warning message to user to inform that system will aunomatic turn offf after 15 minutes, it's mean system will automatic kick out users after 15 minutes
    - From 16h00 to 8h00, users can not access to SAP
    - However, in some special case, we can grant the acess to system to specific user.
    Can we setup these steps on SAP ?
    Thanks,
    Neo

  • How to Setup another Access Policy 5.3

    hi everyone,
    Thank you for your help in advance. I am new to v5.3, and I am not good at VPN. So hope you can help.
    I just have my consultant to configure this correctly just today. Currently, there is only one rule for the access policy (Single Result Selection). That rule is to use Active Directory as the source for the authentication. And by default will deny any other access which is not found in the rule.
    Now... I just got an order that I need to setup a new user who will need to access to our network by using Cisco IPSec VPN (the software one). But that user is not setup in our Active Directory, and we do not want him to access our domain anyway. He only needs to access non-domain resourse...such as airconditioning controller by IP. So I am thinking to setup his account by using "internal identtity". If I do this way, what do I need to do to setup another access policy? May you give me some steps with little more details?
    OR... if it is not the way I should do...what else can I do to achieve this goal? Also, he said he could provide his static IP trying to access from.
    I have a ASA 5520.
    Thank you very much for your help.
    Takami Chiro

    Hello,
    Instead of creating a separate rule for the credentials validation you can edit the existing one that points to AD1 (only) and change it to a result on the ACS that checks both AD1 and Internal Users. In that case we need to use Identity Store Sequence. Refer to the steps below:
    On the ACS GUI > Users and Identity Stores > Identity Store Sequences > Create > Select "Password Based" and on the first box move AD1 and Internal Users to the right. Please do the same on the box at the bottom.
    The option "Internal User/Host Advanced Option: If internal user/host not found or disabled then exit sequence and treat as "User Not Found" should stay unchecked. Click submit.
    After creating the ID Store Sequence you need to change the Identity Result where you had AD1. Now the name of the ID Store will display as an available option. Please select that one and save the changes.
    With the above configuration, the expected behavior would be:
    1) ACS receives a request from the Internal User.
    2) ACS tries to validate the credentials against AD.
    3) AD returns an "User Unkown" response.
    4) ACS moves to the Internal Users.
    5 ACS successfully authenticates the user validating the provided credentials against Internal Users.
    Hope this helps.
    Regards.

  • How to setup Wireless Clients MAC+Active Directory based acess

    Dear Gents,
    I want to setup Wireless Clients MAC+Active Directory based acess on AP 1242 standalone Wireless series .
    Steps i have configured :
    1) SSID manger  under Open authentication : Selected with EAP.
    2) under advacned Radius : s
    MAC Address  Authentication
    MAC Addresses Authenticated by:
    Authentication Server Only
    3) Server Manger : Current server list
    added the radius ip address 10.1.200.x
    EAP  Authentication
    MAC  Authentication
    Accounting
    Priority  1:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  1: < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  1: < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  2:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  2:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  2:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  3:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  3:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    Priority  3: < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
    From ACS - Radius  we have choose a Group x( named as Mac-address group )
    All the wireless Client ( laptops ) mac-address are added as add username option and enter username
    as mac-address & enter the mac-address as pwd second option of password TAB.

    Hi Akber,
    I think you didnt understood what i was trying to say here :-( No problem..I will explain my theory again.Your requirment is to autheticate user from ACS internal database (you have already added the MAC address as the username on your ACS internal database) as well as from ACS external database (in your case this is AD).
    What i was saying is when when authetication request comes to raidus server it checks its internal database and if it find a valid username and password (here it will the MAC address and password which you have entered to the ACS database) the ACS will not query the external database (in your case the AD) for authetication.
    You can not have ACS to look in to both MAC and AD database at the same time.
    Hope this clears your doubt.
    Regards
    Najaf

  • Don't know how to setup wireless D-Link router

    I just bought a D-Link Wireless Router WBR-1310.
    It is running, connect throught Ethernet to a high speed modem,
    two computers are connected to the router with Ethernet cables (iMac on Mac OS 10.5.6 - G4 on Mac OS 10.4.11).
    I don't use it in wireless mode because I don't understand how to do it (the manual mentions nothing about mac computers I don't understand why).
    I want to disconnect my Ethernet cables (except the one between the modem and the router)
    and use just the wireless mode for the 2 macs. What do I do?
    I turned on AirPort on the iMac, disconnected the Ethernet cable but nothing works
    (I loose the connection to Internet). When I select Airport it gives me a list of satellite names
    and what not. I don't get it.
    Should be easy, what should I do exactly.
    I'm afraid to play around with the settings since everything works fine now with cables.
    Thanks
    Louis
    Montréal, Québec
    [email protected]

    I don't want to detail all the steps re wireless set up but. 1.The scheme for a Mac is different only in the interface presentation and some minor features. You can certainly get it going on a Mac.
    2. Get hold of a manual for a router that does describe a Mac set up, by download or otherwise and read it to get the general scheme.
    3. Since it is running via the ethernet cable I assume you have the basic ADSL transmission parameters set so it is just a matter of the wireless signals to and from the device and encryption, and then setting the encryption passphrase up in each client card in the computers.
    4. Note the default IP address of the router, and the default administration user name, and default admin password. These should be on the soleplate or in the literature.
    5. Use a browser to browse to said IP address. just http:// then the number set , not www.
    6. Enter admin username and password into pop up box. Do not worry about any 'certificate' warnings. It is a bit of hardware in your house you are going to not a dodgy site.
    7. A website like page will come up. Go through the tabs to get to the one on Wireless and Security. Don't worry about opening pages. It usually needs a specific action to save any change.
    8. You will need to set up probably the country of use,an SSID (station name) maybe stuff about the channel to use. The router will most likely pick suitable defaults for Canada etc if you bought it at home.
    There is little good from not setting a station name or hiding it. Getting that is childs play for a Hacker. Not much use either restricting access to specific hardware (specified by the MAC codes of the device cards)
    9. Choose to set up an 'Infrastructure 'network. That is one with security. Choose to set up WPA2 personal encryption. WEP is to easy to break. 'Enterprise' security needs a dedicated password server.
    10. Now the passwording. The device both uses this as a password proper and then as an encryption key for the traffic. Some routers have a so called easy push button way of setting a password, WPS. My simple mind prefers the direct route After establishing the form of th security pick a passphrase to enter in the WPA2 passphrase box. I use a piece of poetry, stripped of all punctuation and spaces. Can contain non alphanumeric characters. Bfore entering it, write it down. Draw several parallel lines on paper then cut them with verticals number the boxes from 1 to 63. Then enter the passphrase to total 62 characters. More it wont work. Less is less secure. You can pad the end or start if your poetry does not quite fit.
    11. At the completion of the page click to save it.
    12. Now set the passphrase into the wireless sets on the computers. How will depend upon the OS used by the computer. Read the help.

  • How to setup wireless time capsule with 3rd party external HDD and router?

    Topic says it all really...
    I've got a linksys router and an iomega external hard drive.
    I want to have wireless time capsule setup but i don't really wanna shell out for an apple time capsule when I have a perfectly working router and hard drive...
    Can it be done? would I be better off buying an airport express/extreme?
    cheers

    Welcome, jackbyo!
    I've got a linksys router
    Good product
    iomega external hard drive.
    1) The drive must be formatted in Mac OS Extended (Journaled) to work with Time Machine.
    2) The drive will need to be connected directly to your Mac via USB or FireWire connection.
    Can it be done?
    As above
    would I be better off buying an airport express/extreme
    The AirPort Express will not support a hard drive.
    Time Machine backups to a drive at the USB port of the AirPort Extreme are not supported by Apple due to corruption issues.

  • How can I wirelessly access my desktop's extrenal drive via my laptop?

    I know that the Unix underpinnings of OSX only allow me to access my home folder wirelessly but most of the files I want to share are on my 250 gig lacie external drive.
    There must be a way around this but I don't know what it is.
    I would like to be able to copy and write to this drive from my Dell laptop.
    I have a wireless network set up with airport extreme which works well otherwise.
    Thanks,
    Gord
    power mac g4 dual 450 Mac OS X (10.4.1)

    You will need to use Sharepoints in order to share the hard drive.
    http://www.hornware.com/sharepoints/
    iFelix

  • How come Verizon Wireless will not give their customers a corporate number, email, or address to send complaints?

    I have been with Verizon Wireless for 7 years and I have went through more problems in customer service in the last year then I have in my whole 7 years. Usually if I have a problem they fix it immediately, I tend to call instead of going into a Verizon store because Verizon stores just do not care about their customers. I am beginning to think the same thing about Verizon Wireless customer service.
    Problem number 1: Verizon Wireless making changes to my account, aka payment arrangements, without my knowledge or consent. Making my phone shut off because I was 3 days late. Yes THREE DAYS... not months. Then after they turned my phone on because of their error I paid my bill. About a couple weeks later I decide that I want to purchase a new phone and want it billed to my account. They then tell me that no I could not have it billed to my account because my phone was shut off for non-payment. I then explained that it was an error, they then told me that they could not over-ride the system and I would have to wait 6 months to bill to my account. I asked if that meant I could bill to my account even if Iam late a couple days or what. They told me as long as my phone had not shut off because of non-payment I would be able to bill to my account, also that they would write a formal complaint on the person who made a payment arrangement on my account without my consent and they would get back to me. That was in Mar of 2013. I am still waiting for a reply from my complaint.
    Problem number 2: In March of 2013 Verizon had an email option on their website where you could email corporate and they will email you back. Since then they have taken it off and will not give their customers email, number, or address where they can reach corporate at.
    Problem number 3: Sept of 2013, it has been 6 months. I I then call Verizon to bill to my account a new phone, because I wanted to start a new contract. Well they tell me that because I do not pay on the same day of every month I will not be able to bill to my account and they can not over ride the system. I then tell them that this was not what was told to me in March of this year. The rep tells me that she cant do anything for me except investigate it and get back to me within 4 hours. I say okay and leave my number I wanted to be reached at, I asked if she was sure that she was going to call me back because I have been told in the past by verizon wireless reps that I would receive calls from them and they never bothered to return my call, because basically I was un-important. She stated that she would and she appreciated the business I gave Verizon for the past 7 years. (she was a supervisor by the name of Jeniffer in customer service on the east coast). 5 hours later I still had not received a call so I call back and ask to speak to a supervisor they then tell me that my claim was denied for "unknown" reasons about the call 6 months ago and they were not going to let me bill to my account and they couldnt help me further. I asked for a a corporate number, email, or address and they told me repeatedly that they did not know them and could not give them out if they did know them. That if I had a complaint he could notate it and make sure it was handled. Psssh just like it was handled 6 months ago. I daid thank you but no thanks and ended my call soon thereafter.
    It just galls me that Verizon treats their customers who make them money by using their services and phones every year. They do not have any care for the complaints and actions of their workers as well as their customers.
    I just want to know it anyone knows they corporate number, email or address??
    Or maybe a verizon rep out there (which I pretty much doubt will respond to my question)
    If I dont receive an answer soon I believe... no i KNOW I will be taking my $127.33 else where and maybe just maybe I can get better customer service, even if its just a tiny inch better than Verizons.
    AT&T here I come.

    yesterday i went to verizon with a 8 day old broken phone after 40 mins in line to be helped  the sales staff at glenway av in cincinnati turned me around and sent me out the door without solving my problem or returning my less than 14 day old phone.  i called corporate at >>removed<< they called the store and made an appointment with the manager to resolve my issue. when i returned to the store i was told i had to wait in line again so i decided to get loud enough for every customer in the store to hear what kind of customer service i was recieving.  so then the employee at the door not the manager called the police on me and threw me out of the store so today i am returning my phones and am seeking other service providers  but anyhow the corporate number i provided is a good one and the people you reach will solve your problem  corporate level is does do a grat job but the customer service level and store level employees i have found to be very unproffessional and extreemly mismanaged.
    >> Edited to comply with the Verizon Wireless Terms of Service <<
    Message was edited by: Verizon Moderator

  • Re: How to setup database access in Forte Standalone?

    Hi Chang Chiang Seng,
    I've installed Forte Standalone on Windows 3.1 and would like to set
    it up to access an ODBC database.
    Is there anyway to do it, since I am not connected to any central node ?The following is a reply posted to this list earlier from Bobby Carp
    at Forte, which addresses your question:
    2. If you have Win 3.1 or Win 95, then you cannot run an environment
    manager or server partitions, but you can still connect to an ODBC
    database.
    Setting up an ODBC resource manager is very straight-forward. You do
    some
    of the work in the ODBC control panel (ie. mapping a name to a
    particular
    data source such as Access file, flat file, etc.). You then run Forte
    Standalone which will automatically use ODBC for any DBSessions or
    DBResourceMgr
    service objects that need to get created by a run. You don't need to
    change your service object to point to an ODBC Resource Mgr, the system
    does it automagically.
    Hope it helps,
    Kerry
    | | / \ Kerry Bellerose [email protected]
    | || C | Senior Consultant http://www.lindhard.com/
    | | \___/ Lindhard International
    | |_____ Datavej 52 direct: 45 45 94 01 03
    | | 3460 Birkeroed desk: 45 45 82 21 21
    |_________| Denmark fax: 45 45 82 21 22

    Hi Wilson,
    As a prerequisite , that VM need to access the gateway .
    It means that you need to
    create an external virtual switch then connect that VM to external virtual switch then allocate a LAN IP for VM .
    http://technet.microsoft.com/en-us/library/jj647786.aspx
    After this you may think of this VM as a physical machine in your LAN then do what you need .
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

Maybe you are looking for

  • Combo Box Use Global Data issue

    I am using a drop down combo box to select a name, and have checked specifiy item values, am using the item numbers in a switch statement to populate other text boxes depending on selection of drop down.  These same items appear several times in the

  • What is needed on non-weblogic client to make soap request

    Hi, I am trying to make a soap request from a client that is not weblogic to a weblogic6.1 server. I was under the impression that all I needed was the client.jar created by wsgen. But when I try to access the service through the client I get the bel

  • How to export  HTML from Indesign CS5

    Hi there, I was trying to automaticly export a selection (frame for example) of my indesign active document in CS5 into an HTML file. I did that with CS5.5 and i was able to do :      activeDoc.pageItems.item(i).exportFile("HTML", htmlFile, false); 

  • Your Suggestions (How You Do It)

    Happy New Year to all. I'm looking for your suggestions as to how to handle my Raw HD files for storage and also workflow. We record to 3 Canon Vixia hand-helds recording 1080x60i and importing into  FCP X for editing. Coming from music production ba

  • Hiding the FLVPlayback control bar

    I have a FLVPlayback on my stage, but I want to use my own controls rather than the ones provided by the skin. I read that I can make my own skin - but have not been successful. Any pointers as to how to do it?