Discussion in 'Wireless Networking' started by adamgilldo, Oct 11, 2007.

  1. adamgilldo

    adamgilldo Guest

    I've been asked to research a wireless access point that can limit
    access to a server. Does such a thing even exist? If so, any
    suggestions on decent ones? Or would it be easier to purchase a WAP
    and a firewall?

    adamgilldo, Oct 11, 2007
  2. I am not sure I understand the question. Assuming you want wireless users
    to access the Internet only, not the LAN, you may set up a VLAN. A good
    example is Cisco 1200 AP.

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    How to Setup Windows, Network, VPN & Remote Access on
    Robert L (MS-MVP), Oct 11, 2007
  3. No.
    Firewalls are designed to sit at the edge of a LAN where it meets the
    internet,..they are not designed to sit in the middle of the LAN between
    Hosts. Besides that you shouldn't even be looking at Layer3 & 4 for a
    solution to this anyway.

    You're taking the wrong approach,...and probably so is the person asking you
    to do this. The security of the Server comes from the Server itself. You
    don't access "Servers",...you access *Resources* that are on Servers. The
    access to the Resources (whatever that might be) is controlled by the
    Server's file system permissions or the Application on the server that makes
    the resources available.

    File Access is controlled by NTFS permissions
    Web site access is controlled by IIS and NTFS permissions
    FTP site access is controlled by IIS and NTFS permissions also
    Database access is controlled by the Database Engine and the Application
    that makes use of the Data.

    ........it ain't about "firewalls" and blocking network traffic.....

    Now, with that said, you can set up a "guest" network by creating a "hot
    spot" that lives on its own subnet. Access is controlled by the LAN Router
    (not a firewall) and you would use ACLs on the LAN Router to cut off the
    Guest segment from the rest of the LAN except for allowing HTTP, HTTPS, FTP
    to the Firewall Device,...or you could just allow anything to go as long as
    it only goes from the Client through the LAN Router to the Firewall and out
    to the Net. But this is *not* the way you would handle your own users.

    When I set up a Guest segment here it is completely out on the Public side of
    the LAN outside the Firewall and uses its own separate [and cheap] firewall
    to give the guest some protection and to prevent them from eating up my
    public addresses.

    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    Phillip Windell, Oct 11, 2007
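
Added example (not part of the post above or anyone's router configuration): a small first-match ACL model for checking the two guest-segment rule sets described in that post before applying them to a LAN router. The subnets, host addresses, sample flows and the reading of "to the Firewall Device" as a destination address are all assumptions made for illustration.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread).
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")  # guest hot-spot subnet
LAN_NET = ipaddress.ip_network("192.168.1.0/24")     # internal LAN
FIREWALL = ipaddress.ip_network("192.168.1.1/32")    # firewall's LAN-side address
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule: (action, source net, destination net, protocol or None, dest ports or None)
# Option 1: guests reach only the firewall device on HTTP, HTTPS, FTP control.
STRICT_ACL = [("permit", GUEST_NET, FIREWALL, "tcp", {80, 443, 21})]
# Option 2: anything may go out to the Net, nothing may be addressed to the LAN.
OPEN_ACL = [
    ("deny", GUEST_NET, LAN_NET, None, None),
    ("permit", GUEST_NET, ANY, None, None),
]

def evaluate(acl, src, dst, proto, dport):
    """First matching rule wins; no match falls through to an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_proto, ports in acl:
        if s not in src_net or d not in dst_net:
            continue
        if rule_proto is not None and rule_proto != proto:
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"

# Constructed sample flows from one guest client: (label, src, dst, proto, port)
FLOWS = [
    ("guest to LAN file server (SMB)", "192.168.50.23", "192.168.1.10", "tcp", 445),
    ("guest to firewall (HTTP)", "192.168.50.23", "192.168.1.1", "tcp", 80),
    ("guest to Internet host (HTTPS)", "192.168.50.23", "203.0.113.7", "tcp", 443),
    ("guest to Internet host (DNS)", "192.168.50.23", "203.0.113.53", "udp", 53),
]

def audit(acl):
    """Return the verdict for every sample flow under the given rule set."""
    return {label: evaluate(acl, s, d, p, port) for label, s, d, p, port in FLOWS}

if __name__ == "__main__":
    for name, acl in (("strict", STRICT_ACL), ("open", OPEN_ACL)):
        for label, verdict in audit(acl).items():
            print(f"{name:6} {verdict:6} {label}")
```

In this model both rule sets deny the guest client's SMB connection to the LAN file server; they differ only in how much of the outbound traffic they let through.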
  4. Hi
    For a regular Access Point you need to install a RADIUS Server.
    RADIUS is sitting on the general server and can be configured to control the
    Wireless log on to the Network.
    Microsoft rendition of RADIUS,
    In General, http://www.wi-fiplanet.com/news/article.php/3089211
    There are also Access Points that have a form of logon in hardware; look for
    them on www.cisco.com
    You have to research both options and decide which one is better for your
    specific needs.
    Jack (MVP-Networking).
    Jack (MVP-Networking)., Oct 12, 2007
  5. adamgilldo

    adamgilldo Guest

    Thanks for your ideas guys, much appreciated. That's made things a lot
    clearer. Sorry I wasn't clear, the key thing he wants is wireless
    users to be able to access files on a server and be able to print, but
    nothing else. I'll put the ideas to my boss and see what he says.
    adamgilldo, Oct 12, 2007
