
As much as I hate it, I’ve been told to set up an open wireless network for our campus.  I created a VLAN with access lists that deny all traffic to inside our network, and created the open SSID to put on it.  Traffic can flow freely now from the open wireless to the internet.

 

However, I’m using a public DNS for the clients and they’re unable to reach our locally hosted (NAT’d) web servers.  We’re currently using a Cisco ASA at the edge of our network which does all of our NAT’ing.  I could open up the VLAN access list a bit and allow them access to our internal DNS & web servers, but I’d rather not.

 

Has anyone run into this issue before?  What’s the “best practices” at this point… other than removing the public network in the first place! 

 

Thanks in advance,

 

Allen

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Allen,

 

I do not know what system you are using for wireless. Here at Liberty University, our current Guest wireless system with Aruba is set up much like the Cisco recommended system.

 

Guest traffic is tunneled from our local controllers to a guest anchor controller that is in a DMZ. The network firewall rules then determine what minimal inside access is allowed. Our local controllers present a captive portal page that users need to click through to accept our terms of service.

 

Aruba’s general recommended setup uses the controller firewall to restrict inside access, as necessary.

 

We will be moving some of our guest wireless access to a sponsored mode, using the Aruba ClearPass Guest (formerly Amigopod) system.

 

Regards,

 

Bruce Osborne

Network Engineer

IT Network Services

 

(434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

Allen

 

We have a separate DNS server in our DMZ just for guest wireless.  That gives us the control to point users at the public or private IPs of necessary servers, as well as access to non-publicly advertised sites if any are needed. 

 

But as Bruce described, having a controller interface or anchor controller in a DMZ is what brings it together.

 

 

Wyatt Schill

Network Engineer

Green River CC
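
The guest-only DNS server described in the reply above could look like the following Unbound configuration. This is an added example, not a configuration posted by anyone in the thread; the choice of Unbound, the host names and every address (RFC 5737 documentation ranges) are assumptions to be replaced with local values.

```conf
# unbound.conf for a resolver in the DMZ that serves only guest wireless.
# Constructed example: all names and addresses below are placeholders.
server:
    # Listen only on the resolver's DMZ address.
    interface: 192.0.2.53

    # Refuse everyone by default, then allow only the guest VLAN subnet,
    # so the resolver cannot be used from the internet or the inside.
    access-control: 0.0.0.0/0 refuse
    access-control: 198.51.100.0/24 allow

    # Do not disclose resolver identity or version to guests.
    hide-identity: yes
    hide-version: yes

    # Overrides for the campus web servers guests must reach.
    # Each answer is the address that is routable from the guest VLAN,
    # which may differ from the NAT'd address public DNS hands out.
    # local-data without a local-zone creates a transparent zone for
    # that name only; no other campus names are exposed to guests.
    local-data: "www.example.edu. IN A 192.0.2.80"
    local-data: "portal.example.edu. IN A 192.0.2.81"

# Everything not overridden above is forwarded to a public resolver,
# so guests never query the internal DNS servers.
forward-zone:
    name: "."
    forward-addr: 203.0.113.1
```

The guest VLAN access list still has to permit the guest subnet to reach this resolver on port 53 and the overridden servers on their web ports; everything else toward the inside stays denied.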

 

 

 
