Developer Forum

Hello, I have SBS 2000 setup with dynamic IP, 2 NICs, and
a wireless router. I don't know how to setup the wireless
portion correctly; everything else works.

My ISP assigns a dynamic IP, and the cable modem is
connected to the wireless router. The router has a static
IP of 192.168.1.1 with DHCP off.

SBS 2000 server has a WAN IP of 192.168.1.2 and is
connected to the wireless router.

It also has a LAN IP of 192.168.16.2. DHCP and DNS are on
for this IP.

All clients on the LAN have IP assigned automatically (in
the 192.168.16.x range) and DNS lookup on 192.168.16.2.

All clients can login to the domain when hard-wired, but
not when wireless. How can I make everything work? I would
like to log into the domain wirelssly as well.

Thanks in advance for your help!

I forgot to mention that the server's internal NIC is
connected to a switch, and all clients that are not
wireless are connected to the switch. Sorry about
forgetting to mention that.

would

Stan,
Your network schema should be:

Internet
|
Cable Modem
|
Server External NIC / Server Internal (LAN) NIC
|
Wireless Access Point
|
----------------------------------------------------
| | | | | |
W/S W/S W/S W/S W/S W/S


** Ensure that you configure the WAP for Maximum Security
( as well as that of the LAN ).
--
Henry Craven
--------------
42






---
Outgoing mail has been scanned for Viri and is deemed to be Virus Free.
Checked by AVG anti-virus system ( http://www.yqcomputer.com/ ).
Version: 6.0.525 / Virus Database: 322 - Release Date: 09-Oct-2003

OK Revised Network Diag:

Internet
|
Cable Modem
|
Server External NIC / Server Internal (LAN) NIC
|
Switch
----------------------------------------------------
| | | | |
W/S W/S W/S | W/S
|
Wireless Access Point
|
----------------------------------------------------
| | | |
|
WW/S WW/S WW/S WW/S WW/S


** Ensure that you configure the WAP for Maximum Security
( as well as that of the LAN ).
--
Henry Craven
--------------
42




---
Outgoing mail has been scanned for Viri and is deemed to be Virus Free.
Checked by AVG anti-virus system ( http://www.yqcomputer.com/ ).
Version: 6.0.525 / Virus Database: 322 - Release Date: 09-Oct-2003

Thanks, Henry, for the detailed diagrams! Since my
wireless router has a static IP of 192.168.1.1, I guess I
should use IPs in the LAN like 192.168.1.x, right?

And I should have the server's WAN IP automatically
assigned by my ISP, but point the DNS to 192.168.1.2,
right?

Can my wireless clients have their IPs assigned
automatically? If I point the DNS to the server,
theoretically the wireless clients can only "see" the
wireless router, right?



| |
Point
and
wireless
static
on
(in
but
be Virus Free.
Oct-2003

Response inline...




Right.


Right


If the IP of the Server Internal NIC is 192.168.1.2
Right


Yes.


Not quite sure what you mean by:
"only "see" the wireless router"

The wireless Clients will "See" -any- Wireless access point
within range - Hence "WarDriving" and the need for top
level security as anyone with a Wireless Laptop for instance
outside your offices but within range can also "see" your
Access Point.

...Hence, the need for Top Level Domain security as IEEE
802.11x is inherently "weak" and the WEP Key easily "cracked"
giving access to the network as if they had physically pluged into
your Lan.

The WWSs will "See" your network as if wired to it as per your
other (Wired) Workstations.


--
Henry Craven
--------------
Only 10 people understand Binary.
Those that do and those that don't.


---
Outgoing mail has been scanned for Viri and is deemed to be Virus Free.
Checked by AVG anti-virus system ( http://www.yqcomputer.com/ ).
Version: 6.0.525 / Virus Database: 322 - Release Date: 09-Oct-2003

i Henry:

A question... (BTW, I've never actually set one of these up for a client):

Stanley indicates that he currently has a wireless "router". Your diagram
speaks to an "Access Point", which I believe would be a solution here. Did
you mean to indicate to Stanley that he should (could) use the present
wireless router between his external NIC and his cable modem (as an added
measure of security for the network and so he doesn't have to "shelve" this
device) and then buy a wireless Access Point to use with the wireless
workstations, since an Access Point acts like a switch for wireless devices?

Or, maybe you meant that Stanley should just dump the wireless router and
buy an Access Point. In any event, the key to getting this network
configuration to work seamlessly with the SBS server seems to be the Access
Point.

--
Merv Porter [SBS MVP]
===================================
"Henry Craven" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...

erv, Henry-

My wireless router is a Linksys product. It's a
combination unit that functions as a wireless access point
(802.11b), as a 4-port router, and as a switch. It
supposedly works as a firewall, too, if you have the
software for it. I was thinking that since I don't have
too many computers on my network, and since my router
functions as a switch, too, I could shelve the switch
until I needed more ports.

It seems that in order for all my client workstations to
log into the domain successfully, my wireless router
should be attached to the internal NIC on my SBS, not to
the external NIC.

up for a client):
wireless "router". Your diagram
solution here. Did
use the present
modem (as an added
have to "shelve" this
the wireless
for wireless devices?
wireless router and
this network
seems to be the Access
message
| |
Point
| |
Security
NICs, and
wireless
static
are on
automatically (in
192.168.16.2.
but
to be Virus Free.
(http://www.grisoft.com).
09-Oct-2003

Wireless Router will work just fine as an Access Point only,
so no need to s *** it. In fact we've set up a couple where the
Dell TrueMobile came with the laptop. ( ..and I'm sitting on
just such a config now.)

In all cases there as an extant FW-Router between the modem
and External NIC, so while there is an argument for setting up
the Wireless Access Point (/Router) in a DMZ outside of the
LAN firewall (ISA) I haven't found a need to, haven't really
explored or tested it, and (knock on wood) haven't had any
problems. So far.

--
Henry Craven
-------------------
31 Oct = 25 Dec



client):
diagram
Did
added
this
devices?
and
Access




---
Outgoing mail has been scanned for Viri and is deemed to be Virus Free.
Checked by AVG anti-virus system ( http://www.yqcomputer.com/ ).
Version: 6.0.525 / Virus Database: 322 - Release Date: 09-Oct-2003

Response inline ..




Sure. When you need to just plug the switch into the Linksys


...well, it's not the -only- way. ( and I'm a bit surprised that
others haven't provided alternate schemas already )

Another would be to have the Linksys between the Broadband
Modem and the external NIC ( WWSs on the same subnet as the
external NIC ), and have the WWS users use a VPN to access
the internal network.

This looks "Messy" to me, and as I say I haven't tried or tested it.
- Not sure what all the Security / User implications of it would be
or the Pros and Cons compared to the setup I described where
users log-on to the Domain as they would if they were wired to it.

Something I'll no doubt have to get around to, ..but not today. :-)

There are possibly other scenarios as well, and enhancements to the
security via Key Rotation and the Wireless Security Update for XP.

Perhaps someone with more experience here would like to chip in.

--
Henry Craven.
---------------
2b XOR 2b




---
Outgoing mail has been scanned for Viri and is deemed to be Virus Free.
Checked by AVG anti-virus system ( http://www.yqcomputer.com/ ).
Version: 6.0.525 / Virus Database: 322 - Release Date: 09-Oct-2003