[Michlib-l] segmenting public and staff networks

Helen Dewey rhdewey at charter.net
Mon Apr 13 13:41:37 EDT 2015


I can see I wasn’t clear in my description of my segmenting problem.
I have both staff and public PCs on the same wired connection to the Internet. Everything comes in on the same cable modem. To keep the public from printing on the staff-only printer, I have to connect it by USB to one staff PC and let the other staff PCs print to it as part of their homegroup privileges.
Yes, I also want to keep wireless traffic away from the staff network.  For that, I have an unsecured guest wireless network for the public, and I think that is working to keep them separate.  The staff wireless is password protected.
Helen

Helen Dewey
Accidental Techie
Benzonia Public Library Board
rhdewey at charter.net

From: Mark Ehle
Sent: Monday, April 13, 2015 1:06 PM
To: Christian Dunham 
Cc: Michlib-l 
Subject: Re: [Michlib-l] segmenting public and staff networks

In order to keep wireless traffic away from the staff network, you will still need a firewall/router. A network-savvy person on a wireless device could possibly still access all the staff side stuff through a switch.


On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham <christian at carolibrary.org> wrote:

  Depends on your specific needs, but for run-of-the-mill, the easiest way to accomplish this with standard equipment is a subnet: http://en.wikipedia.org/wiki/Subnetwork



  Very simplistically, all computers have an IP address. All computers that talk to each other are on the same subnet (if a computer’s IP address is 192.168.0.5, the subnet is “0”). If you set up your Wi-Fi router/access point to distribute addresses to Wi-Fi computers on a separate subnet (say 192.168.1.5, the subnet is “1”), then any computers with the different 0/1 subnets cannot talk to each other.



  This configuration is greatly different depending on your hardware, but usually you can do it without spending a lot of money on expensive equipment. Here’s a more complicated explanation with graphics: http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wireless-access



  Christian Dunham

  Caro Area District Library

  989-673-4329 x 106

  christian at carolibrary.org



  From: michlib-l-bounces at mcls.org [mailto:michlib-l-bounces at mcls.org] On Behalf Of Mimi Herrington
  Sent: Thursday, April 9, 2015 8:53 PM
  To: Helen Dewey; Bruce MacDonald
  Cc: Michlib-l
  Subject: Re: [Michlib-l] segmenting public and staff networks


  We were provided a free internet drop by Comcast because we’re a library.  We used that drop for wi-fi to the public for laptops and devices and it was separate from our internet to the public and staff computers.  The public and staff internet connection is a static IP and the public wi-fi is not.



  Mimi Herrington, Director
  Bad Axe Area District Library
  200 S. Hanselman Street
  Bad Axe, MI 48413
  989.269.8538 (Phone)
  989.269.2411 (Fax)
  www.badaxelibrary.org



  From: Helen Dewey
  Sent: Thursday, April 09, 2015 6:13 PM
  To: Bruce MacDonald
  Cc: Michlib-l
  Subject: Re: [Michlib-l] segmenting public and staff networks



  Bruce,

  I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed.  When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed.

  I would greatly appreciate being pointed to information which would help me segment the networks.



  Helen Dewey

  Accidental Techie

  and
  Benzonia Public Library Board Treasurer
  rhdewey at charter.net



  From: Bruce MacDonald
  Sent: Thursday, April 09, 2015 4:00 PM
  To: Ms. TJ Smith
  Cc: Michlib-l
  Subject: Re: [Michlib-l] torrenting wireless policies/suggestions?



  Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider.

  Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this.
  http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-important-for-wireless-guest-access

  In the meantime, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all).
  http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-router-to-block-access-to-certain-websites

  It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it.
  https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/bandwidth-management

  Regards,

  Bruce



  Bruce A. MacDonald
  Assistant Director / Head of Circulation
  Peter White Public Library
  Marquette, Michigan



  On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector at winntel.net> wrote:

    We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO.

    We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle.

    I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime?


    Ms. TJ Smith

    Library Director

    Sherman Township Library

    shermandirector at winntel.net

    (989) 644-5131



    _______________________________________________
    Michlib-l mailing list
    Michlib-l at mcls.org
    http://mail2.mcls.org/mailman/listinfo/michlib-l
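An added example, not part of any message in this thread: a small audit of the subnet approach discussed above, checking which subnets hold both staff and public devices and how the prefix length decides whether 192.168.0.5 and 192.168.1.5 are really on different subnets. The host names, roles and inventory are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (not from the thread): name, role, address/prefix.
INVENTORY = [
    ("staff-pc-1", "staff", "192.168.0.5/24"),
    ("staff-printer", "staff", "192.168.0.20/24"),
    ("public-pc-1", "public", "192.168.0.31/24"),   # wired public PC
    ("guest-wifi-laptop", "public", "192.168.1.5/24"),
]


def segments(inventory):
    """Group hosts by the network their address and prefix place them in."""
    groups = defaultdict(list)
    for name, role, cidr in inventory:
        network = ipaddress.ip_interface(cidr).network
        groups[network].append((name, role))
    return dict(groups)


def mixed_segments(inventory):
    """Networks holding both staff and public hosts.

    Hosts in one subnet reach each other directly through the switch,
    so no router or firewall rule sits between them.
    """
    mixed = []
    for network, hosts in segments(inventory).items():
        roles = {role for _, role in hosts}
        if {"staff", "public"} <= roles:
            mixed.append(str(network))
    return sorted(mixed)


def same_subnet(a, b):
    """True if each address falls inside the other's network."""
    ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
    return ia.ip in ib.network and ib.ip in ia.network


if __name__ == "__main__":
    print("Subnets mixing staff and public:", mixed_segments(INVENTORY))
    # The third octet only separates hosts when the mask is /24 or longer.
    print("/24:", same_subnet("192.168.0.5/24", "192.168.1.5/24"))
    print("/16:", same_subnet("192.168.0.5/16", "192.168.1.5/16"))
```

Hosts that land on different subnets still exchange traffic through whatever router joins those subnets unless its firewall rules block forwarding between them, which is why the thread also calls for a firewall/router.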



