Mike Webb 
United States
Member since
3/31/2005
Registered Users
Posts: 163
 |
| 9/10/2007 05:46 PM |
|
Network is MS Small Business Server 2003 Premium, with ISA 2004 SP2 as the firewall. internal NIC runs through a D-Link DES-3828 L2/L3 managed switch, where I've setup 3 VLAN's - default, LAN and Guest. AP's are D-Link DWL-2200AP's. I have a single AP working now while I troubleshoot the others. This one is wired to the switch on Port 5; internal NIC is on Port 2. The AP has MSSID's and VLAN's enabled. Primary SSID has WPA2-Personal authentication set, and is tied to VLAN 2 (which allows LAN access by tagged ports on 2 and 5 and all other ports enabled). The other SSID is for Guests and does NOT have authentication set., and is tied to VLAN 3 (which has ports 2 and 5 tagged and all others set to Forbidden).
Problem: Guests using IE7 or Mozilla's Firefox are prompted by a login window on access a webpage; this is for the proxy. They shouldn't be prompted, so why would this be happening? ( I'm making the assumption that ISA is the cause.)
[Also posted on microsoft.public.windows.networking.wireless newsgroup.]
|
|
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit organization
Nebraska, USA |
|
|
|
Mariette Knap
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12894
|
|
Mike Webb
United States
Member since
3/31/2005
Registered Users
Posts: 163
|
| 9/10/2007 05:55 PM |
|
Thanks for the quick reply. That should do it.
You surprised me with the statement that SBS does not support VLANs. I thought about it and it makes sense. As I understand it now, SBS does not have "obvious" means to support VLAN's; you have to do "work-arounds" to get it to function. Is that right?
|
|
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit organization
Nebraska, USA |
|
|
|
Mariette Knap
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12894
|
| 9/10/2007 05:58 PM |
|
Mike,
All wizards will break when you install VLans. If you know what you are doing (and I know you are  ) you should be able to get it right... |
|
| Mariëtte Knap Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Mariette Knap
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 12894
|
| 9/10/2007 06:06 PM |
|
You may also want to have a look at the type of authentication set in your web proxy. If it is set to integrated it also prompts for a password, if is set for basic it will allow anonymous traffic to flow first:
|
|
| Mariëtte Knap Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Mike Webb
United States
Member since
3/31/2005
Registered Users
Posts: 163
|
| 9/10/2007 06:08 PM |
|
Wow! I didn't know that. I just figured I'd have to reconfigure a few items whenever I run CEICW.
None of my domain computers or laptops/notebooks are running wireless, so VLAN's aren't affecting them - directly.
As for me knowing what I'm doing, well ... I'm trying and learning. I've read and re-read Owen William's paper on setting up secure wireless, and exchanged a few emails with him about it. I've also read and re-read the MS whitepaper on the subject. My situation doesn't quite fit those scenario's, so I have experimented with ways to (hopefully) make it work. My big advantage is that we are on a remote ranch in a rural part of the state at least 1 mile from the nearest neighbor. All visitors who ask for wireless access are known to us, so I don't have to really worry about hackers.
|
|
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit organization
Nebraska, USA |
|
|
|
Mike Webb
United States
Member since
3/31/2005
Registered Users
Posts: 163
|
| 9/10/2007 06:14 PM |
|
| Great point! I did not have Require all users to authenticate checked, but did have Integrated checked. I un-selected it and checked Basic.
|
|
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit organization
Nebraska, USA |
|
|
|