Tuesday, April 30, 2013

Offloading your guest WLAN onto local cable/DSL/FiOS

This is the first post of several posts describing how to offload your guest WLAN internet traffic from your backbone and out a local internet provider.  Why would you want to do this?  If you have a corporate WLAN and are tunneling your guest traffic over the leased lines, your guest traffic could quite easily exceed your production traffic.

 

First of all, you may be tempted to use the DHCP server on the ASA5505 appliance.  Although this can be done, it would be nice if you could use your corporate DHCP services that are already in place.  Let’s start at the bottom – as if you have never administered a Windows DHCP server and go all the way to the end – with offloading your traffic.  Note – this the first of several blog posts.

 

First, this post explains how to install the admin pack for Windows 7 machines and start using it.  This will allow you to manage the DHCP server function that runs on the Windows 2003/2008 servers.

 

Administration pack tools do not come with Windows 7. You have to download it from Microsoft site and install it.  This administration tools pack allows you to do most of the Windows 2003, Windows 2008 and Windows 2008 R2 server tasks from your Window7 computer.

 

DHCP manager is one of the admin pack tools to manage DHCP servers and it allows you to do it right from your workstation.  Installing Admin or administrators pack on Windows 7 is slightly different than earlier versions of Windows.

 

Steps for installing Admin pack on Windows 7 Professional, Enterprise, or Ultimate editions.

 

Download the server administration pack here:  http://www.microsoft.com/en-us/download/details.aspx?id=7887

 

After downloading, Start the installation. Yes for Install update.

 

 

Once successfully installed, next screen shows how to install each feature of admin pack tool.  Without doing the following steps you can’t find any of the administration tools in program files or control panel. Close the screen and go to control panel. 

 

Go to Programs and features. Select Turn Windows features on or off then select Remote Server Administration Tools as shown below. (blue and yellow icon)

 

 

 

You must be in administrator group or administration tasks privilege should have been given to perform some of server tasks. In this example I select DHCP server Tools which help to manage multiple DHCP servers from my Windows 7 computer.

 

Press OK.

 

The newly added administrative pack tool feature can be found under Administrative Tools in Windows 7. (your window may look differently than mine)

 

Now we are going to add a DHCP server so we can add a new DHCP scope.

 

Click on Administrative Tools.

 

 

 

The  Administrative Tools window pops up:

 

 

 

Double click DHCP and the following window pops up:

 

 

 

Click on Action -à Add Server….  (sorry for the blur – it was necessary in this case)

 

 

Choose the existing DHCP server that you want to create a DHCP scope on.  In this example, I am creating a scope for the guest wireless internet users in our fictitious Redmond, WA, office.

 

 

 

The DHCP server has now been added so you can be an Administrator.

 

 

Now I am going to create a new DHCP scope.

 

Next, click on Action à New Scope… and the “Welcome to the New Scope Wizard box pops up”.

 

 

 

 

Click Next and Enter in the name of the scope you are creating.

 

 

 

Click Next and enter in the range of IP addresses that you want to hand out.

 

 

 

 

Click Next and enter in any IP addresses you do NOT want to hand out.  You might need this if you have some static IP addresses somewhere on the subnet.  In this example there are not exclusions.

 

 

 

Click Next.  I am setting up the lease time for two hours since the guest network is for transient clients.

 

 

 

Click Next.  You will need to set up some options, such as the DNS server and gateway you want the clients to use.

 

 

 

Click Next, and enter is the router’s IP address that you want the clients to use as their gateway.

 

 

 

Click Next.  This one is tricky.  Since the guest network is not on the production network (and tied to a DSL/Cable/FiOS circuit) you will not want to use the corporate DNS servers which are inside your network since they will not be reachable by the client devices.  In this example, I am adding 8.8.8.8, which is Google’s public DNS servers.  They are accessible from the circuit outside of the network – and most likely your home, too!

 

 

 

Click Next… nothing to do here.

 

 

 

 

Click Next.  Yes, you want to activate the scope now.

 

 

 

Click Finish.  Now you’re done.

 

 

 

Now you are finished.  If your network is all built and clients are waiting, you can browse to the scope you just created and look at the Address Leases folder.  In the middle pane you should see new leases being handed out.

 

 

 

Congratulations!