[Michlib-l] segmenting public and staff networks

Mark Ehle mehle at willardlibrary.org
Mon Apr 13 13:55:41 EDT 2015


In order to properly separate the networks, you will need a
firewall/router. No other way around it. What device does your cable modem
plug into?

On Mon, Apr 13, 2015 at 1:41 PM, Helen Dewey <rhdewey at charter.net> wrote:

>   I can see I wasn’t clear in my description of my segmenting problem.
> I have both staff and public PCs on the same *wired* connection to the
> Internet. Everything comes in on the same cable modem.  To keep the public
> from printing on the staff-only printer, I have to connect it by USB to one
> staff PC and let the other staff PCs print to it as part of their
> homegroup privileges.
> Yes, I also want to keep wireless traffic away from the staff network.
> For that, I have an unsecured guest wireless network for the public, and I
> think that is working to keep them separate.  The staff wireless is
> password protected.
> Helen
>
> Helen Dewey
> Accidental Techie
> Benzonia Public Library Board
> rhdewey at charter.net
>   *From:* Mark Ehle <mehle at willardlibrary.org>
> *Sent:* Monday, April 13, 2015 1:06 PM
> *To:* Christian Dunham <christian at carolibrary.org>
> *Cc:* Michlib-l <michlib-l at mcls.org>
> *Subject:* Re: [Michlib-l] segmenting public and staff networks
>
>  In order to keep wireless traffic away from the staff network, you will
> still need a firewall/router. A network-savvy person on a wireless device
> could possibly still access all the staff side stuff through a switch.
>
> On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham <
> christian at carolibrary.org> wrote:
>
>>  Depends on your specific needs, but for run-of-the-mill, the easiest
>> way to accomplish this with standard equipment is a subnet:
>> http://en.wikipedia.org/wiki/Subnetwork
>>
>>
>>
>> Very simplistically, all computers have an IP address. All computers that
>> talk to each other are on the same subnet (if a computer’s IP address is
>> 192.168.0.5, the subnet is “0”). If you set up your Wi-Fi router/access
>> point to distribute addresses to Wi-Fi computers on a separate subnet (say
>> 192.168.1.5, the subnet is “1”), then any computers with the different 0/1
>> subnets cannot talk to each other.
>>
>>  This configuration is greatly different depending on your hardware, but
>> usually you can do it without spending a lot of money on expensive
>> equipment. Here’s a more complicated explanation with graphics:
>> http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wireless-access
>>
>>
>>
>> Christian Dunham
>>
>> Caro Area District Library
>>
>> 989-673-4329 x 106
>>
>> christian at carolibrary.org
>>
>>
>>
>> *From:* michlib-l-bounces at mcls.org [mailto:michlib-l-bounces at mcls.org] *On
>> Behalf Of *Mimi Herrington
>> *Sent:* Thursday, April 9, 2015 8:53 PM
>> *To:* Helen Dewey; Bruce MacDonald
>>
>> *Cc:* Michlib-l
>> *Subject:* Re: [Michlib-l] segmenting public and staff networks
>>
>>
>>
>> We were provided a free internet drop by Comcast because we’re a
>> library.  We used that drop for wi-fi to the public for laptops and devices
>> and it was separate from our internet to the public and staff computers.
>> The public and staff internet connection is a static IP and the public
>> wi-fi is not.
>>
>>
>>
>> Mimi Herrington, Director
>> Bad Axe Area District Library
>> 200 S. Hanselman Street
>> Bad Axe, MI 48413
>> 989.269.8538 (Phone)
>> 989.269.2411 (Fax)
>> www.badaxelibrary.org
>>
>>
>>
>> *From:* Helen Dewey <rhdewey at charter.net>
>>
>> *Sent:* Thursday, April 09, 2015 6:13 PM
>>
>> *To:* Bruce MacDonald <bmacdona at gmail.com>
>>
>> *Cc:* Michlib-l <michlib-l at mcls.org>
>>
>> *Subject:* Re: [Michlib-l] segmenting public and staff networks
>>
>>
>>
>> Bruce,
>>
>> I have been trying to find a way to separate the staff network from the
>> public network, but I have not found a solution which lets us use only one
>> broadband cable feed.  When I tried a switch and 2 routers (diagram I found
>> online), the 2 networks were fighting each other for the Internet network
>> feed.
>>
>> I would greatly appreciate being pointed to information which would help
>> me segment the networks.
>>
>>
>>
>> Helen Dewey
>>
>> Accidental Techie
>>
>> and
>> Benzonia Public Library Board Treasurer
>> rhdewey at charter.net
>>
>>
>>
>> *From:* Bruce MacDonald <bmacdona at gmail.com>
>>
>> *Sent:* Thursday, April 09, 2015 4:00 PM
>>
>> *To:* Ms. TJ Smith <shermandirector at winntel.net>
>>
>> *Cc:* Michlib-l <michlib-l at mcls.org>
>>
>> *Subject:* Re: [Michlib-l] torrenting wireless policies/suggestions?
>>
>>
>>
>> Using your connection to pirate movies not only slows your network, but
>> could land a library in hot water with the RIAA, who can report the
>> activity to your internet service provider.
>>
>> Even though our wifi requires no password, we do have a "captive portal"
>> system in place to display our wireless policy. There are many other
>> options to do this.
>>
>> http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-important-for-wireless-guest-access
>>
>> In the meantime, you can dig into the settings in your wireless router.
>> I believe you will be able to disable torrenting. Even though there are
>> some legit uses for torrenting files, the vast majority is not traffic you
>> want on your network, and you can possibly deal with exceptions as they
>> come up (if they come up at all).
>>
>> http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-router-to-block-access-to-certain-websites
>>
>> It sounds as though your staff machines are maybe using the same network
>> connection and hardware as your public machines, and wifi. This could also
>> create security headaches, and you have already seen with bandwidth needs
>> for your ILS strained. Your network should be segmented, with each segment
>> inaccessible to the other. This can be done virtually or physically. There
>> are expensive and inexpensive ways to do it.
>>
>> https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/bandwidth-management
>>
>> Regards,
>>
>> Bruce
>>
>>
>>
>> Bruce A. MacDonald
>> Assistant Director / Head of Circulation
>> Peter White Public Library
>> Marquette, Michigan
>>
>>
>>
>> On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <
>> shermandirector at winntel.net> wrote:
>>
>> We have been seeing a large increase in internet traffic and our wireless
>> setup is simply not holding up. A particular problem is patrons using our
>> wireless for torrents. Do any of you have policies in place regarding a
>> limit on high-bandwidth activities? It is frustrating for our other
>> patrons, many of whom are using the connection for schooling and business
>> purposes, not to mention the staff trying to use VERSO.
>>
>> We currently have 6MB service through our provider (the highest package
>> offered in our area) connected to an old router and switch. We have 5
>> public computers, one catalog computer, and one staff station all
>> direct-wired through the switch and at any given time 2-10 wireless devices
>> attached. Our current router is a Netgear N300 WNR2000v2. We're looking to
>> upgrade and add a wireless access point to allow us better control, but
>> that does not make our current situation any easier to handle.
>>
>> I've been setting the lowest priority QoS for the torrent users when
>> possible to try to make the connection usable by other patrons. Does anyone
>> have any tips on how we can better get by in the meantime?
>>
>>
>> Ms. TJ Smith
>>
>> Library Director
>>
>> Sherman Township Library
>>
>> shermandirector at winntel.net
>>
>> (989) 644-5131
>>
>>
>>
>> _______________________________________________
>> Michlib-l mailing list
>> Michlib-l at mcls.org
>> http://mail2.mcls.org/mailman/listinfo/michlib-l
>>
>>
>
>
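
The segmentation discussed in this thread (one cable modem, with staff and public each behind their own interface on a firewall/router), as an added example that is not part of the original messages: an nftables ruleset for a Linux-based router. The interface names are assumptions, the two subnets follow the 192.168.0.x / 192.168.1.x numbering used in the thread, and staff and public are assumed to sit on separate physical ports or VLANs.

```nft
#!/usr/sbin/nft -f
# Added example: staff/public segmentation behind a single cable modem.
# Interface names below are assumptions; adjust to the actual router.
flush ruleset

define WAN        = "eth0"          # to the cable modem
define STAFF      = "eth1"          # staff PCs and the staff-only printer
define PUBLIC     = "eth2"          # public PCs and guest wireless AP
define STAFF_NET  = 192.168.0.0/24
define PUBLIC_NET = 192.168.1.0/24

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # DNS and DHCP served by the router to both segments
        iifname { $STAFF, $PUBLIC } udp dport { 53, 67 } accept
        iifname { $STAFF, $PUBLIC } tcp dport 53 accept
        # Router administration from the staff segment only
        iifname $STAFF tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # A public host that renumbers itself into another range is dropped:
        # the subnet number alone is not what enforces the separation.
        iifname $PUBLIC ip saddr != $PUBLIC_NET drop
        iifname $STAFF  ip saddr != $STAFF_NET  drop
        # No path from public to staff (PCs, shares, printer)
        iifname $PUBLIC oifname $STAFF drop
        # Both segments share the one Internet feed
        iifname $STAFF  oifname $WAN accept
        iifname $PUBLIC oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

With this layout the staff printer can be attached to the staff segment directly, since nothing on the public segment can reach it.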