Community discussions

MikroTik App
 
Yeehaa
just joined
Topic Author
Posts: 14
Joined: Tue Feb 04, 2014 8:35 am

HELP with configuration

Tue Feb 04, 2014 8:40 am

Hello, folks!

I am a newbie in RouterOS.

I need help, how to configure my RB433 with RouterOS 4.11

So, I have a router and a windows server 2003 with active directory. I'd like to configure that only users logged in in active directory can use internet.
Also there is an external AP for a guest network wifi. This one must have internet access but no access to internal resources.

Any suggestions / how-to?
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: HELP with configuration

Wed Feb 05, 2014 2:58 pm

You need Microsoft Forefront for the active directory control. The MSFF server is joined to the domain and then you can use toys like group policy for the rest.

For your guest wifi network, read up on walled gardens. It's in the Wiki. When you have specific questions, post them here and then maybe you can be helped a bit more.

Good luck ;)
MTCNA
 
Yeehaa
just joined
Topic Author
Posts: 14
Joined: Tue Feb 04, 2014 8:35 am

Re: HELP with configuration

Wed Feb 05, 2014 3:13 pm

Thanks!

Is it possible to do without ForeFront, but use instead IAS and RADIUS?

And for a guest network, may be that could be done with VLAN?
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: HELP with configuration

Wed Feb 05, 2014 3:53 pm

Thanks!

Is it possible to do without ForeFront, but use instead IAS and RADIUS?

And for a guest network, may be that could be done with VLAN?
IAS? Do you mean ISA? If so, then yes, you can use ISA as it is an older family member of MSFF.

You can use VLANs for the wifi but I'm not sure how your setup would work. Usually VLANs are used to separate traffic in a network. If your switches have 802.1Q support, then you could set the MT to be the router and control all the VLANs that way. This might complicate things for you though.

A simpler way would be to plug the wireless network in to a dedicated port on the MT and set up the hotspot on that dedicated port. You can then use firewall rules to block access to your LAN from the hotspot.
MTCNA
 
Yeehaa
just joined
Topic Author
Posts: 14
Joined: Tue Feb 04, 2014 8:35 am

Re: HELP with configuration

Wed Feb 05, 2014 4:04 pm

Thanks!

Yes, I mean ISA.

Do the MS ForeFront is built in Windows Server?

Actually I have two MT routers - one as router (RB433), another as AP (RB951G-2HnD) at the moment. I would like to separate the guest network from internal network. So, my idea is to make a VLAN between both MT routers.

The problem is that both routers are in a different places at the building, so this is impossible to have another wire to connect them just for the guest network.

Could you help me with the configuration?

Who is online

Users browsing this forum: anav, k6ccc, Southweave and 43 guests