<div dir="ltr">In order to properly separate the networks, you will need a firewall/router. No other way around it. What device does your cable modem plug into?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 13, 2015 at 1:41 PM, Helen Dewey <span dir="ltr"><<a href="mailto:rhdewey@charter.net" target="_blank">rhdewey@charter.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div style="FONT-SIZE:12pt;FONT-FAMILY:'Times New Roman';COLOR:#000000">
<div>I can see I wasn’t clear in my description of my segmenting problem.</div>
<div>I have both staff and public PC’s on the same <u>wired</u> connection to
the Internet. Everything comes in on the same cable modem. To keep the
public from printing on the staff-only printer, I have to connect it by USB to
one staff PC and let the other staff PC’s print to it as part of their homegroup
privileges.</div>
<div>Yes, I also want to keep wireless traffic away from the staff
network. For that, I have an unsecured guest wireless network for the
public, and I think that is working to keep them separate. The staff
wireless is password protected.</div>
<div>Helen</div><span class="HOEnZb"><font color="#888888">
<div> </div>
<div style="FONT-SIZE:12pt;FONT-FAMILY:'Times New Roman';COLOR:#000000">Helen
Dewey</div>
<div style="FONT-SIZE:12pt;FONT-FAMILY:'Times New Roman';COLOR:#000000">Accidental
Techie<br>Benzonia Public Library Board<br><a href="mailto:rhdewey@charter.net" target="_blank">rhdewey@charter.net</a></div>
</font></span><div><span class="HOEnZb"><font color="#888888">
<div style="FONT-SIZE:small;TEXT-DECORATION:none;FONT-FAMILY:"Calibri";FONT-WEIGHT:normal;COLOR:#000000;FONT-STYLE:normal;DISPLAY:inline"><font face="Times New Roman"></font></div>
</font></span><div style="FONT:10pt tahoma"><span class="HOEnZb"><font color="#888888">
</font></span><div style="BACKGROUND:#f5f5f5"><span class="HOEnZb"><font color="#888888">
<div><b>From:</b> <a title="mehle@willardlibrary.org" href="mailto:mehle@willardlibrary.org" target="_blank">Mark Ehle</a> </div>
<div><b>Sent:</b> Monday, April 13, 2015 1:06 PM</div>
<div><b>To:</b> <a title="christian@carolibrary.org" href="mailto:christian@carolibrary.org" target="_blank">Christian Dunham</a> </div></font></span><div><div class="h5">
<div><b>Cc:</b> <a title="michlib-l@mcls.org" href="mailto:michlib-l@mcls.org" target="_blank">Michlib-l</a> </div>
<div><b>Subject:</b> Re: [Michlib-l] segmenting public and staff
networks</div></div></div></div></div>
<div> </div></div><div><div class="h5">
<div style="FONT-SIZE:small;TEXT-DECORATION:none;FONT-FAMILY:"Calibri";FONT-WEIGHT:normal;COLOR:#000000;FONT-STYLE:normal;DISPLAY:inline">
<div dir="ltr">In order to keep wireless traffic away from the staff network, you
will still need a firewall/router. A network-savy person on a wireless device
could possibly still access all the staff side stuff through a switch.<br></div>
<div class="gmail_extra">
<div> </div>
<div class="gmail_quote">On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham <span dir="ltr"><<a href="mailto:christian@carolibrary.org" target="_blank">christian@carolibrary.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div vlink="purple" link="blue" lang="EN-US">
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black">Depends on your
specific needs, but for run-of-the-mill, the easiest way to accomplish this
with standard equipment is a subnet: <a href="http://en.wikipedia.org/wiki/Subnetwork" target="_blank">http://en.wikipedia.org/wiki/Subnetwork</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black"><u></u><u></u></span> </p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black">Very
simplistically, all computers have an IP address. All computers that talk to
each other are on the same subnet (if a computer’s IP address is 192.168.0.5,
the subnet is “0”). If you setup your Wi-Fi router/access point to distribute
addresses to Wi-Fi computers on a separate subnet (say 192.168.1.5, the subnet
is “1”), then any computers with the different 0/1 subnets cannot talk to each
other. <br><br><u></u><u></u></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black">This
configuration is greatly different depending on your hardware, but usually you
can do it without spending a lot of money on expensive equipment. Here’s a
more complicated explanation with graphics: <a href="http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wireless-access" target="_blank">http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wireless-access</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black"><u></u><u></u></span> </p>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black">Christian
Dunham<u></u><u></u></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black">Caro Area
District Library<u></u><u></u></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black"><a href="tel:989-673-4329%20x%20106" value="+19896734329" target="_blank">989-673-4329 x 106</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black"><a href="mailto:christian@carolibrary.org" target="_blank">christian@carolibrary.org</a><u></u><u></u></span></p></div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Bookman Old Style","serif";COLOR:black"><u></u><u></u></span> </p>
<div>
<div style="BORDER-TOP:#e1e1e1 1pt solid;BORDER-RIGHT:medium none;BORDER-BOTTOM:medium none;PADDING-BOTTOM:0in;PADDING-TOP:3pt;PADDING-LEFT:0in;BORDER-LEFT:medium none;PADDING-RIGHT:0in">
<p class="MsoNormal"><b><span style="FONT-SIZE:11pt;FONT-FAMILY:"Calibri","sans-serif"">From:</span></b><span style="FONT-SIZE:11pt;FONT-FAMILY:"Calibri","sans-serif""> <a href="mailto:michlib-l-bounces@mcls.org" target="_blank">michlib-l-bounces@mcls.org</a> [mailto:<a href="mailto:michlib-l-bounces@mcls.org" target="_blank">michlib-l-bounces@mcls.org</a>] <b>On Behalf Of </b>Mimi
Herrington<br><b>Sent:</b> Thursday, April 9, 2015 8:53 PM<br><b>To:</b> Helen
Dewey; Bruce MacDonald</span></p>
<div>
<div><br><b>Cc:</b> Michlib-l<br><b>Subject:</b> Re: [Michlib-l]
segmenting public and staff networks<u></u><u></u></div></div></div></div>
<div>
<div>
<p class="MsoNormal"><u></u><u></u> </p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="FONT-SIZE:13.5pt;FONT-FAMILY:"Calibri","sans-serif";COLOR:black">We
were provided a free internet drop by Comcast because we’re a library.
We used that drop for wi-fi to the public for laptops and devices and it was
separate from our internet to the public and staff computers. The public
and staff internet connection is a static IP and the public wi-fi is
not.</span><span style="FONT-SIZE:14pt;FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="FONT-SIZE:14pt;FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span> </p></div>
<div>
<p class="MsoNormal"><span style="FONT-SIZE:14pt;FONT-FAMILY:"Calibri","sans-serif";COLOR:black">Mimi
Herrington, Director<br>Bad Axe Area District Library<br>200 S. Hanselman
Street<br>Bad Axe, MI 48413<br><a href="tel:989.269.8538" value="+19892698538" target="_blank">989.269.8538</a> (Phone)<br><a href="tel:989.269.2411" value="+19892692411" target="_blank">989.269.2411</a> (Fax)<br><a href="http://www.badaxelibrary.org" target="_blank">www.badaxelibrary.org</a><u></u><u></u></span></p></div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"><u></u><u></u></span> </p></div>
<div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">From:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> <a title="rhdewey@charter.net" href="mailto:rhdewey@charter.net" target="_blank">Helen Dewey</a> <u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">Sent:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">
Thursday, April 09, 2015 6:13 PM<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">To:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> <a title="bmacdona@gmail.com" href="mailto:bmacdona@gmail.com" target="_blank">Bruce
MacDonald</a> <u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">Cc:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> <a title="michlib-l@mcls.org" href="mailto:michlib-l@mcls.org" target="_blank">Michlib-l</a> <u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">Subject:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> Re:
[Michlib-l] segmenting public and staff
networks<u></u><u></u></span></p></div></div></div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span> </p></div></div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="COLOR:black">Bruce,<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="COLOR:black">I have been trying to find a way
to separate the staff network from the public network, but I have not found a
solution which lets us use only one broadband cable feed. When I tried a
switch and 2 routers (diagram I found online), the 2 networks were fighting
each other for the Internet network feed.<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="COLOR:black">I would greatly appreciate being
pointed to information which would help me segment the
networks.<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="COLOR:black"><u></u><u></u></span> </p></div>
<div>
<p class="MsoNormal"><span style="COLOR:black">Helen
Dewey<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="COLOR:black">Accidental
Techie<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="COLOR:black">and<br>Benzonia Public Library
Board Treasurer<br><a href="mailto:rhdewey@charter.net" target="_blank">rhdewey@charter.net</a><u></u><u></u></span></p></div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"><u></u><u></u></span> </p></div>
<div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">From:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> <a title="bmacdona@gmail.com" href="mailto:bmacdona@gmail.com" target="_blank">Bruce
MacDonald</a> <u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">Sent:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">
Thursday, April 09, 2015 4:00 PM<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">To:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> <a title="shermandirector@winntel.net" href="mailto:shermandirector@winntel.net" target="_blank">Ms. TJ Smith</a> <u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">Cc:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> <a title="michlib-l@mcls.org" href="mailto:michlib-l@mcls.org" target="_blank">Michlib-l</a> <u></u><u></u></span></p></div>
<div>
<p class="MsoNormal" style="BACKGROUND:whitesmoke"><b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black">Subject:</span></b><span style="FONT-SIZE:10pt;FONT-FAMILY:"Tahoma","sans-serif";COLOR:black"> Re:
[Michlib-l] torrenting wireless
policies/suggestions?<u></u><u></u></span></p></div></div></div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span> </p></div></div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="MARGIN-BOTTOM:12pt"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">Using your
connection to pirate movies not only slows your network, but could land a
library in hot water with the RIAA, who can report the activity to your
internet service provider.<u></u><u></u></span></p></div>
<p class="MsoNormal" style="MARGIN-BOTTOM:12pt"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">Even though our wifi
requires no password, we do have a "captive portal" system in place to display
our wireless policy. There are many other options to do this.<br><a href="http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-important-for-wireless-guest-access" target="_blank">http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-important-for-wireless-guest-access</a><br><br>In
the mean-time, you can dig into the settings in your wireless router. I
believe you will be able to disable torrenting. Even though there are some
legit uses for torrenting files, the vast majority is not traffic you want on
your network, and you can possibly deal with exceptions as they come up (if
they come up at all).<br><a href="http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-router-to-block-access-to-certain-websites" target="_blank">http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-router-to-block-access-to-certain-websites</a><u></u><u></u></span></p></div>
<p class="MsoNormal" style="MARGIN-BOTTOM:12pt"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">It sounds as though
your staff machines are maybe using the same network connection and hardware
as your public machines, and wifi. This could also create security headaches,
and you have already seen with bandwidth needs for your ILS strained. Your
network should be segmented, with each segment inaccessible to the other. This
can be done virtually or physically. There are expensive and inexpensive ways
to do it.<br><a href="https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/bandwidth-management" target="_blank">https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/bandwidth-management</a><u></u><u></u></span></p>
<div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">Regards,<u></u><u></u></span></p></div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">Bruce<u></u><u></u></span></p></div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span> </p></div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">Bruce A.
MacDonald<br>Assistant Director / Head of Circulation<br>Peter White Public
Library<br>Marquette,
Michigan<u></u><u></u></span></p></div></div></div></div></div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span> </p></div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">On Thu, Apr 9, 2015
at 10:40 AM, Ms. TJ Smith <<a href="mailto:shermandirector@winntel.net" target="_blank">shermandirector@winntel.net</a>>
wrote:<u></u><u></u></span></p>
<blockquote style="BORDER-TOP:medium none;BORDER-RIGHT:medium none;BORDER-BOTTOM:medium none;PADDING-BOTTOM:0in;PADDING-TOP:0in;PADDING-LEFT:6pt;MARGIN-LEFT:4.8pt;BORDER-LEFT:#cccccc 1pt solid;PADDING-RIGHT:0in;MARGIN-RIGHT:0in">
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">We have been
seeing a large increase in internet traffic and our wireless setup is simply
not holding up. A particular problem is patrons using our wireless for
torrents. Do any of you have policies in place regarding a limit on
high-bandwidth activities? It is frustrating for our other patrons, many of
whom are using the connection for schooling and business purposes, not to
mention the staff trying to use VERSO.<br><br>We currently have 6MB service
through our provider (the highest package offered in our area) connected to
an old router and switch. We have 5 public computers, one catalog computer,
and one staff station all direct-wired through the switch and at any given
time 2-10 wireless devices attached. Our current router is a Netgear N300
WNR2000v2. We're looking to upgrade and add a wireless access point to allow
us better control, but that does not make our current situation any easier
to handle.<br><br>I've been setting the lowest priority QoS for the torrent
users when possible to try to make the connection usable by other patrons.
Does anyone have any tips on how we can better get by in the
meantime?<br><br><br>Ms. TJ Smith<br><br>Library Director<br><br>Sherman
Township Library<br><br><a href="mailto:shermandirector@winntel.net" target="_blank">shermandirector@winntel.net</a><br><br><a href="tel:%28989%29%20644-5131" value="+19896445131" target="_blank">(989)
644-5131</a><br><br><br><br>_______________________________________________<br>Michlib-l
mailing list<br><a href="mailto:Michlib-l@mcls.org" target="_blank">Michlib-l@mcls.org</a><br><a href="http://mail2.mcls.org/mailman/listinfo/michlib-l" target="_blank">http://mail2.mcls.org/mailman/listinfo/michlib-l</a><u></u><u></u></span></p></blockquote></div>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black"><u></u><u></u></span> </p></div></div></div></div></div></div>
<div class="MsoNormal" style="TEXT-ALIGN:center" align="center"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">_______________________________________________<br>Michlib-l
mailing list<br><a href="mailto:Michlib-l@mcls.org" target="_blank">Michlib-l@mcls.org</a><br><a href="http://mail2.mcls.org/mailman/listinfo/michlib-l" target="_blank">http://mail2.mcls.org/mailman/listinfo/michlib-l</a><u></u><u></u></span></p></div></div></div>
<div class="MsoNormal" style="TEXT-ALIGN:center" align="center"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal"><span style="FONT-FAMILY:"Calibri","sans-serif";COLOR:black">_______________________________________________<br>Michlib-l
mailing list<br><a href="mailto:Michlib-l@mcls.org" target="_blank">Michlib-l@mcls.org</a><br><a href="http://mail2.mcls.org/mailman/listinfo/michlib-l" target="_blank">http://mail2.mcls.org/mailman/listinfo/michlib-l</a><u></u><u></u></span></p></div></div></div></div></div></div></div><br>_______________________________________________<br>Michlib-l
mailing list<br><a href="mailto:Michlib-l@mcls.org" target="_blank">Michlib-l@mcls.org</a><br><a href="http://mail2.mcls.org/mailman/listinfo/michlib-l" target="_blank">http://mail2.mcls.org/mailman/listinfo/michlib-l</a><br><br></blockquote></div>
<div> </div></div>
<p>
</p><hr>
_______________________________________________<br>Michlib-l mailing
list<br><a href="mailto:Michlib-l@mcls.org" target="_blank">Michlib-l@mcls.org</a><br><a href="http://mail2.mcls.org/mailman/listinfo/michlib-l" target="_blank">http://mail2.mcls.org/mailman/listinfo/michlib-l</a><br><p></p></div></div></div></div></div></div>
</blockquote></div><br></div>