Consulting Help for RADIUS setup

We are a charity school in Phnom Penh, Cambodia and would like to lock down our internal network (wired network and WiFi network) with a lot more finesse than is currently being implemented. Our WiFi network is using UniFi equipment and our LAN (across three campuses and 2 cities) uses all MikroTik equipment.

We have recently moved to Zentyal (Linux) as a replacement for all of our Windows Servers.

We are looking for a consultant who can help us (remotely) configure our MikroTik equipment so we can establish authentication of our LAN users and WiFi users using RADIUS and LDAP. We currently have 4 VLANs on the WiFi to segregate guests, primary students, senior students and staff. We also have multiple VLANs on our wired network which further segregate our network so that servers and other user types can be assigned different levels of access to the network and different levels of internet access & bandwidth.

Problems:

  • Too many BYOD (bring your own device) and not possible to manually allow/block based on MAC
  • Passwords are not effective to keep students on their own VLAN
  • Using port configurations to control what VLAN each user accesses. Problematic if IT or staff want to use Student and Lab computers or vice versa
  • Audits are difficult when we don’t know who is using a specific port/device

Suggestions and help most urgently sought and appreciated. I should point out again that we are a charity school so budgets are limited.