Wireless laptops joined to the domain without giving them access to the local network, but with an internet connection

The question is this: how do we join the laptops to the domain without giving them access to the local network? The laptops need to have access to the domain for authentication, but they reside on an SSID that is not configured to see the local traffic (DC).

We want the computers to be able to go online wirelessly, of course; we just do not want the computers compromising anything on the local network, and we still want to be able to manage the computers with Group Policy.
  1. This is not an area I know a lot about, but I'd imagine your wireless would be in a different VLAN. You just need an ACL to stop unwanted traffic between the VLANs. You would probably also want the access point set to run the wireless clients in isolation so they can't talk to each other. I would have also thought your wireless controller might be able to manage domain authentication without the computers having to be allowed through to/talk to the DC directly, though I don't know, as I've never used one.
  2. Authentication with the domain controller is easy; actually logging into the domain controller and managing with Group Policy, but not allowing access to the LAN, is hard.

    So if all you want to do is authenticate the user with their domain credentials, or even with certificates that you install on the machine, you can just run the wireless in enterprise mode and the AP will talk to your domain controller via RADIUS... you of course must turn RADIUS on at the domain controller.

    If you want them to actually log in to the domain controller then, as stated in the above post, you are going to need some device that is more than a simple consumer router; it needs to be able to restrict traffic between LAN ports.
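As an added example that is not part of any post in this thread: this is what the "ACL between the VLANs" from reply 1 and the "restrict traffic between LAN ports" from reply 2 look like on a Cisco IOS-style layer-3 switch. Everything in it is hypothetical for illustration: a wired LAN on VLAN 10 (192.168.10.0/24) with the domain controller, which is also the DNS and NTP server, at 192.168.10.5, and the isolated wireless clients on VLAN 20 (192.168.20.0/24). The ACL lets the laptops reach only the DC, and only on the ports that domain join, Kerberos/LDAP authentication and Group Policy processing use; it then drops anything else aimed at the wired LAN and lets the remainder (the internet) through.

```cisco
! Added example, not from the original thread. Hypothetical addressing:
!   VLAN 10 = wired LAN 192.168.10.0/24, DC (also DNS + NTP) at 192.168.10.5
!   VLAN 20 = isolated wireless clients 192.168.20.0/24
! Applied inbound on the wireless SVI, so it filters only traffic the
! laptops originate; replies from the DC are not subject to it.
ip access-list extended WIFI-TO-LAN
 remark DHCP, in case requests from this VLAN are relayed with ip helper-address
 permit udp any eq bootpc any eq bootps
 remark DNS: SRV records the DC locator needs (_ldap._tcp.dc._msdcs...)
 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 53
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 53
 remark NTP: Kerberos fails if the clock is more than 5 minutes off
 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 123
 remark Kerberos and Kerberos password change
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 88
 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 88
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 464
 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 464
 remark LDAP, LDAP ping (UDP, DC locator), LDAPS, global catalog
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 389
 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 389
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 636
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 3268
 remark SMB: SYSVOL and NETLOGON shares, where GPO files and scripts live
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 445
 remark RPC endpoint mapper plus the Windows dynamic RPC range (Netlogon, domain join)
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 eq 135
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.5 range 49152 65535
 remark Everything else on the wired LAN is off limits; log hits for troubleshooting
 deny   ip  192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 remark Anything not on the LAN (the internet) is allowed
 permit ip  192.168.20.0 0.0.0.255 any
!
interface Vlan20
 description Isolated wireless clients
 ip address 192.168.20.1 255.255.255.0
 ip access-group WIFI-TO-LAN in
```

Order matters: ACLs match top-down, so the deny for the whole wired subnet has to sit after the DC permits and before the final permit, or the laptops either lose the DC or regain the LAN. The dynamic RPC range is the line people usually leave out; without it the laptop can authenticate but the join itself and some Group Policy operations fail. The `log` keyword on the deny shows exactly which port a failing join or `gpupdate /force` was trying to reach. Two things this ACL does not cover: laptop-to-laptop traffic inside VLAN 20 never crosses the SVI, which is why reply 1's client isolation on the access point is still needed; and the RADIUS traffic from reply 2's enterprise-mode setup (UDP 1812/1813) is sent by the AP or controller to the RADIUS server, so it belongs in the ACL for the AP management VLAN, not in this one.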
