I've been asked to research a wireless access point that can limit
access to a server. Does such a thing even exist? If so, any
suggestions on decent ones? Or would it be easier to purchase a WAP
and a firewall?

Thanks.

I am not sure I understand the question. Assuming you want wireless users
access the Internet only not the LAN, you may setup a VLAN. A good example
is Cisco 1200 AP.

Show quoteHide quote

<adamgil***@hotmail.com> wrote in message
Doubtfull

No.
Firewalls are designed to sit at the edge of a LAN where it meets the
internet,..they are not designed to sit in the middle of the LAN between
Hosts.  Besides that you shouldn't even be looking at Layer3 & 4 for a
solution to this anyway.

You're taking the wrong approach,...and probably so is the person asking you
to do this.  The security of the Server comes from the Server itself.   You
don't access "Servers",...you access *Resources* that are on Servers.  The
access to the Resources (whatever that might be) is controlled by the
Server's file system permissions or the Application on the server that makes
the resources available.

File Access is controlled by NTFS permissions
Web site access is controlled by IIS and NTFS permissions
FTP site access is controlled by IIS and NTFS permissions also
Database access is controlled by the Database Engine and the Application
that makes use of the Data.

        ........it ain't about "firewalls" and blocking network traffic.....

Now, with that said, you can setup a "guest" network by creating a "hot
spot" that lives on its own subnet.  Access is controlled by the LAN Router
(not a firewall) and you would use ACLs on the LAN Router to cut off the
Guest segment from the rest of the LAN except for allowing HTTP, HTTPS, FTP
to the Firewall Device,...or you could just allow anything to go as long as
it only goes from the Client throught the LAN Router to the Firewall and out
to the Net.  But this is *not* the way you would handle your own users.

When I setup a Guest segment here it is completely out on the Public side of
the LAN outside the Firewall and uses it's own separate [and cheap] firewall
to give the guest some protection and to prevent them from eating up my
public addresses.

Hi
For regular Access Point you need to install a RADIUS Server.
RADIUS is sitting on the general server and can be configure to control the
Wireless log on to the Network.
Microsoft rendition of RADIUS,
http://www.microsoft.com/technet/community/chats/trans/isa/isa0316.mspx
In General, http://www.wi-fiplanet.com/news/article.php/3089211
There are also Access Point that have a form of logon in hardware look for
it on www.cisco.com
You have to research both options and decide which one is better for your
specific needs.
Jack (MVP-Networking).


<adamgil***@hotmail.com> wrote in message
Show quoteHide quote

On 12 Oct, 00:08, "Jack \(MVP-Networking\)."
<j***@discussiongroup.com> wrote:
Show quoteHide quoteThanks for your ideas guys, much appreciated. That's made things a lot
clearer. Sorry I wasn't clear, the key thing he wants is wireless
users to be able to access files on a server and be able to print, but
nothing else. I'll put the ideas to my boss and see what he says.

Guest VLAN can connect but can't get an IP
BSOD when enabling wireless
Wireless Network in Office for add'l pcs
Re: Laptops and Tablets Cannot Logon to Domain
Sharing files.