[Michlib-l] segmenting public and staff networks

Mark Ehle mehle at willardlibrary.org
Mon Apr 13 13:06:18 EDT 2015 

In order to keep wireless traffic away from the staff network, you will
still need a firewall/router. A network-savy person on a wireless device
could possibly still access all the staff side stuff through a switch.

On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham <
christian at carolibrary.org> wrote:

> Depends on your specific needs, but for run-of-the-mill, the easiest way
> to accomplish this with standard equipment is a subnet:
> http://en.wikipedia.org/wiki/Subnetwork
>
>
>
> Very simplistically, all computers have an IP address. All computers that
> talk to each other are on the same subnet (if a computer’s IP address is
> 192.168.0.5, the subnet is “0”). If you setup your Wi-Fi router/access
> point to distribute addresses to Wi-Fi computers on a separate subnet (say
> 192.168.1.5, the subnet is “1”), then any computers with the different 0/1
> subnets cannot talk to each other.
>
> This configuration is greatly different depending on your hardware, but
> usually you can do it without spending a lot of money on expensive
> equipment. Here’s a more complicated explanation with graphics:
> http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wireless-access
>
>
>
> Christian Dunham
>
> Caro Area District Library
>
> 989-673-4329 x 106
>
> christian at carolibrary.org
>
>
>
> *From:* michlib-l-bounces at mcls.org [mailto:michlib-l-bounces at mcls.org] *On
> Behalf Of *Mimi Herrington
> *Sent:* Thursday, April 9, 2015 8:53 PM
> *To:* Helen Dewey; Bruce MacDonald
>
> *Cc:* Michlib-l
> *Subject:* Re: [Michlib-l] segmenting public and staff networks
>
>
>
> We were provided a free internet drop by Comcast because we’re a library.
> We used that drop for wi-fi to the public for laptops and devices and it
> was separate from our internet to the public and staff computers.  The
> public and staff internet connection is a static IP and the public wi-fi is
> not.
>
>
>
> Mimi Herrington, Director
> Bad Axe Area District Library
> 200 S. Hanselman Street
> Bad Axe, MI 48413
> 989.269.8538 (Phone)
> 989.269.2411 (Fax)
> www.badaxelibrary.org
>
>
>
> *From:* Helen Dewey <rhdewey at charter.net>
>
> *Sent:* Thursday, April 09, 2015 6:13 PM
>
> *To:* Bruce MacDonald <bmacdona at gmail.com>
>
> *Cc:* Michlib-l <michlib-l at mcls.org>
>
> *Subject:* Re: [Michlib-l] segmenting public and staff networks
>
>
>
> Bruce,
>
> I have been trying to find a way to separate the staff network from the
> public network, but I have not found a solution which lets us use only one
> broadband cable feed.  When I tried a switch and 2 routers (diagram I found
> online), the 2 networks were fighting each other for the Internet network
> feed.
>
> I would greatly appreciate being pointed to information which would help
> me segment the networks.
>
>
>
> Helen Dewey
>
> Accidental Techie
>
> and
> Benzonia Public Library Board Treasurer
> rhdewey at charter.net
>
>
>
> *From:* Bruce MacDonald <bmacdona at gmail.com>
>
> *Sent:* Thursday, April 09, 2015 4:00 PM
>
> *To:* Ms. TJ Smith <shermandirector at winntel.net>
>
> *Cc:* Michlib-l <michlib-l at mcls.org>
>
> *Subject:* Re: [Michlib-l] torrenting wireless policies/suggestions?
>
>
>
> Using your connection to pirate movies not only slows your network, but
> could land a library in hot water with the RIAA, who can report the
> activity to your internet service provider.
>
> Even though our wifi requires no password, we do have a "captive portal"
> system in place to display our wireless policy. There are many other
> options to do this.
>
> http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-important-for-wireless-guest-access
>
> In the mean-time, you can dig into the settings in your wireless router. I
> believe you will be able to disable torrenting. Even though there are some
> legit uses for torrenting files, the vast majority is not traffic you want
> on your network, and you can possibly deal with exceptions as they come up
> (if they come up at all).
>
> http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-router-to-block-access-to-certain-websites
>
> It sounds as though your staff machines are maybe using the same network
> connection and hardware as your public machines, and wifi. This could also
> create security headaches, and you have already seen with bandwidth needs
> for your ILS strained. Your network should be segmented, with each segment
> inaccessible to the other. This can be done virtually or physically. There
> are expensive and inexpensive ways to do it.
>
> https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/bandwidth-management
>
> Regards,
>
> Bruce
>
>
>
> Bruce A. MacDonald
> Assistant Director / Head of Circulation
> Peter White Public Library
> Marquette, Michigan
>
>
>
> On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector at winntel.net>
> wrote:
>
> We have been seeing a large increase in internet traffic and our wireless
> setup is simply not holding up. A particular problem is patrons using our
> wireless for torrents. Do any of you have policies in place regarding a
> limit on high-bandwidth activities? It is frustrating for our other
> patrons, many of whom are using the connection for schooling and business
> purposes, not to mention the staff trying to use VERSO.
>
> We currently have 6MB service through our provider (the highest package
> offered in our area) connected to an old router and switch. We have 5
> public computers, one catalog computer, and one staff station all
> direct-wired through the switch and at any given time 2-10 wireless devices
> attached. Our current router is a Netgear N300 WNR2000v2. We're looking to
> upgrade and add a wireless access point to allow us better control, but
> that does not make our current situation any easier to handle.
>
> I've been setting the lowest priority QoS for the torrent users when
> possible to try to make the connection usable by other patrons. Does anyone
> have any tips on how we can better get by in the meantime?
>
>
> Ms. TJ Smith
>
> Library Director
>
> Sherman Township Library
>
> shermandirector at winntel.net
>
> (989) 644-5131
>
>
>
> _______________________________________________
> Michlib-l mailing list
> Michlib-l at mcls.org
> http://mail2.mcls.org/mailman/listinfo/michlib-l
>
>
> ------------------------------
>
> _______________________________________________
> Michlib-l mailing list
> Michlib-l at mcls.org
> http://mail2.mcls.org/mailman/listinfo/michlib-l
> ------------------------------
>
> _______________________________________________
> Michlib-l mailing list
> Michlib-l at mcls.org
> http://mail2.mcls.org/mailman/listinfo/michlib-l
>
> _______________________________________________
> Michlib-l mailing list
> Michlib-l at mcls.org
> http://mail2.mcls.org/mailman/listinfo/michlib-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail3.mcls.org/pipermail/michlib-l/attachments/20150413/060b4a62/attachment.html>

More information about the Michlib-l mailing list