torrenting wireless policies/suggestions?
We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net (989) 644-5131
TJ, I highly recommend getting an Open-Mesh access point. <http://www.open-mesh.com/products/access-points.html> They are comparable to the very popular Meraki access points, but are MUCH cheaper. $100 an access point versus $300. Open-Mesh also doesn't require an annual license fee. It is very easy to setup. Just plug it in to your switch and visit your provided CloudTrax.com account to add the access point to your network. If you wish to deploy more for expanded coverage, you don't have to plug each one in to the switch. You can just plug them in to a power outlet and they act as a repeater. There are many security and bandwidth settings in the CloudTrax.com account: - You can have two networks (staff and public) - Password protect the staff - Splash screen for the public (accept library policy) - Redirect users to a custom URL - Limit the bandwidth for all connected devices - You can block devices that are abusing the network - You can block connected devices from seeing devices on your wired network - You can block connected devices from seeing other connected devices - The access point(s) upgrade firmware automatically I'd be happy to answer more questions. Eric Hayes IT Coordinator | Webmaster Royal Oak Public Library 248-246-3751 www.ropl.org On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net> wrote:
We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO.
We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle.
I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime?
Ms. TJ Smith
Library Director
Sherman Township Library
shermandirector@winntel.net
(989) 644-5131
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider. Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this. http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa... In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all). http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route... It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it. https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band... Regards, Bruce Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net> wrote:
We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO.
We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle.
I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime?
Ms. TJ Smith
Library Director
Sherman Township Library
shermandirector@winntel.net
(989) 644-5131
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
Bruce, I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed. I would greatly appreciate being pointed to information which would help me segment the networks. Helen Dewey Accidental Techie and Benzonia Public Library Board Treasurer rhdewey@charter.net From: Bruce MacDonald Sent: Thursday, April 09, 2015 4:00 PM To: Ms. TJ Smith Cc: Michlib-l Subject: Re: [Michlib-l] torrenting wireless policies/suggestions? Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider. Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this. http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa... In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all). http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route... It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it. https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band... Regards, Bruce Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net> wrote: We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net (989) 644-5131 _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l -------------------------------------------------------------------------------- _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
We were provided a free internet drop by Comcast because we’re a library. We used that drop for wi-fi to the public for laptops and devices and it was separate from our internet to the public and staff computers. The public and staff internet connection is a static IP and the public wi-fi is not. Mimi Herrington, Director Bad Axe Area District Library 200 S. Hanselman Street Bad Axe, MI 48413 989.269.8538 (Phone) 989.269.2411 (Fax) www.badaxelibrary.org From: Helen Dewey Sent: Thursday, April 09, 2015 6:13 PM To: Bruce MacDonald Cc: Michlib-l Subject: Re: [Michlib-l] segmenting public and staff networks Bruce, I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed. I would greatly appreciate being pointed to information which would help me segment the networks. Helen Dewey Accidental Techie and Benzonia Public Library Board Treasurer rhdewey@charter.net From: Bruce MacDonald Sent: Thursday, April 09, 2015 4:00 PM To: Ms. TJ Smith Cc: Michlib-l Subject: Re: [Michlib-l] torrenting wireless policies/suggestions? Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider. Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this. http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa... In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all). http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route... It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it. https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band... Regards, Bruce Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net> wrote: We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net (989) 644-5131 _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l -------------------------------------------------------------------------------- _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l -------------------------------------------------------------------------------- _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
Depends on your specific needs, but for run-of-the-mill, the easiest way to accomplish this with standard equipment is a subnet: http://en.wikipedia.org/wiki/Subnetwork Very simplistically, all computers have an IP address. All computers that talk to each other are on the same subnet (if a computer’s IP address is 192.168.0.5, the subnet is “0”). If you setup your Wi-Fi router/access point to distribute addresses to Wi-Fi computers on a separate subnet (say 192.168.1.5, the subnet is “1”), then any computers with the different 0/1 subnets cannot talk to each other. This configuration is greatly different depending on your hardware, but usually you can do it without spending a lot of money on expensive equipment. Here’s a more complicated explanation with graphics: http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wi... Christian Dunham Caro Area District Library 989-673-4329 x 106 christian@carolibrary.org From: michlib-l-bounces@mcls.org [mailto:michlib-l-bounces@mcls.org] On Behalf Of Mimi Herrington Sent: Thursday, April 9, 2015 8:53 PM To: Helen Dewey; Bruce MacDonald Cc: Michlib-l Subject: Re: [Michlib-l] segmenting public and staff networks We were provided a free internet drop by Comcast because we’re a library. We used that drop for wi-fi to the public for laptops and devices and it was separate from our internet to the public and staff computers. The public and staff internet connection is a static IP and the public wi-fi is not. Mimi Herrington, Director Bad Axe Area District Library 200 S. Hanselman Street Bad Axe, MI 48413 989.269.8538 (Phone) 989.269.2411 (Fax) www.badaxelibrary.org <http://www.badaxelibrary.org> From: Helen Dewey <mailto:rhdewey@charter.net> Sent: Thursday, April 09, 2015 6:13 PM To: Bruce MacDonald <mailto:bmacdona@gmail.com> Cc: Michlib-l <mailto:michlib-l@mcls.org> Subject: Re: [Michlib-l] segmenting public and staff networks Bruce, I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed. I would greatly appreciate being pointed to information which would help me segment the networks. Helen Dewey Accidental Techie and Benzonia Public Library Board Treasurer rhdewey@charter.net <mailto:rhdewey@charter.net> From: Bruce MacDonald <mailto:bmacdona@gmail.com> Sent: Thursday, April 09, 2015 4:00 PM To: Ms. TJ Smith <mailto:shermandirector@winntel.net> Cc: Michlib-l <mailto:michlib-l@mcls.org> Subject: Re: [Michlib-l] torrenting wireless policies/suggestions? Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider. Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this. http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa... In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all). http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route... It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it. https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band... Regards, Bruce Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net <mailto:shermandirector@winntel.net> > wrote: We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net <mailto:shermandirector@winntel.net> (989) 644-5131 _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org <mailto:Michlib-l@mcls.org> http://mail2.mcls.org/mailman/listinfo/michlib-l _____ _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org <mailto:Michlib-l@mcls.org> http://mail2.mcls.org/mailman/listinfo/michlib-l _____ _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org <mailto:Michlib-l@mcls.org> http://mail2.mcls.org/mailman/listinfo/michlib-l
In order to keep wireless traffic away from the staff network, you will still need a firewall/router. A network-savy person on a wireless device could possibly still access all the staff side stuff through a switch. On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham < christian@carolibrary.org> wrote:
Depends on your specific needs, but for run-of-the-mill, the easiest way to accomplish this with standard equipment is a subnet: http://en.wikipedia.org/wiki/Subnetwork
Very simplistically, all computers have an IP address. All computers that talk to each other are on the same subnet (if a computer’s IP address is 192.168.0.5, the subnet is “0”). If you setup your Wi-Fi router/access point to distribute addresses to Wi-Fi computers on a separate subnet (say 192.168.1.5, the subnet is “1”), then any computers with the different 0/1 subnets cannot talk to each other.
This configuration is greatly different depending on your hardware, but usually you can do it without spending a lot of money on expensive equipment. Here’s a more complicated explanation with graphics: http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wi...
Christian Dunham
Caro Area District Library
989-673-4329 x 106
christian@carolibrary.org
*From:* michlib-l-bounces@mcls.org [mailto:michlib-l-bounces@mcls.org] *On Behalf Of *Mimi Herrington *Sent:* Thursday, April 9, 2015 8:53 PM *To:* Helen Dewey; Bruce MacDonald
*Cc:* Michlib-l *Subject:* Re: [Michlib-l] segmenting public and staff networks
We were provided a free internet drop by Comcast because we’re a library. We used that drop for wi-fi to the public for laptops and devices and it was separate from our internet to the public and staff computers. The public and staff internet connection is a static IP and the public wi-fi is not.
Mimi Herrington, Director Bad Axe Area District Library 200 S. Hanselman Street Bad Axe, MI 48413 989.269.8538 (Phone) 989.269.2411 (Fax) www.badaxelibrary.org
*From:* Helen Dewey <rhdewey@charter.net>
*Sent:* Thursday, April 09, 2015 6:13 PM
*To:* Bruce MacDonald <bmacdona@gmail.com>
*Cc:* Michlib-l <michlib-l@mcls.org>
*Subject:* Re: [Michlib-l] segmenting public and staff networks
Bruce,
I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed.
I would greatly appreciate being pointed to information which would help me segment the networks.
Helen Dewey
Accidental Techie
and Benzonia Public Library Board Treasurer rhdewey@charter.net
*From:* Bruce MacDonald <bmacdona@gmail.com>
*Sent:* Thursday, April 09, 2015 4:00 PM
*To:* Ms. TJ Smith <shermandirector@winntel.net>
*Cc:* Michlib-l <michlib-l@mcls.org>
*Subject:* Re: [Michlib-l] torrenting wireless policies/suggestions?
Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider.
Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this.
http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa...
In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all).
http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route...
It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it.
https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band...
Regards,
Bruce
Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan
On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net> wrote:
We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO.
We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle.
I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime?
Ms. TJ Smith
Library Director
Sherman Township Library
shermandirector@winntel.net
(989) 644-5131
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
------------------------------
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l ------------------------------
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
I can see I wasn’t clear in my description of my segmenting problem. I have both staff and public PC’s on the same wired connection to the Internet. Everything comes in on the same cable modem. To keep the public from printing on the staff-only printer, I have to connect it by USB to one staff PC and let the other staff PC’s print to it as part of their homegroup privileges. Yes, I also want to keep wireless traffic away from the staff network. For that, I have an unsecured guest wireless network for the public, and I think that is working to keep them separate. The staff wireless is password protected. Helen Helen Dewey Accidental Techie Benzonia Public Library Board rhdewey@charter.net From: Mark Ehle Sent: Monday, April 13, 2015 1:06 PM To: Christian Dunham Cc: Michlib-l Subject: Re: [Michlib-l] segmenting public and staff networks In order to keep wireless traffic away from the staff network, you will still need a firewall/router. A network-savy person on a wireless device could possibly still access all the staff side stuff through a switch. On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham <christian@carolibrary.org> wrote: Depends on your specific needs, but for run-of-the-mill, the easiest way to accomplish this with standard equipment is a subnet: http://en.wikipedia.org/wiki/Subnetwork Very simplistically, all computers have an IP address. All computers that talk to each other are on the same subnet (if a computer’s IP address is 192.168.0.5, the subnet is “0”). If you setup your Wi-Fi router/access point to distribute addresses to Wi-Fi computers on a separate subnet (say 192.168.1.5, the subnet is “1”), then any computers with the different 0/1 subnets cannot talk to each other. This configuration is greatly different depending on your hardware, but usually you can do it without spending a lot of money on expensive equipment. Here’s a more complicated explanation with graphics: http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wi... Christian Dunham Caro Area District Library 989-673-4329 x 106 christian@carolibrary.org From: michlib-l-bounces@mcls.org [mailto:michlib-l-bounces@mcls.org] On Behalf Of Mimi Herrington Sent: Thursday, April 9, 2015 8:53 PM To: Helen Dewey; Bruce MacDonald Cc: Michlib-l Subject: Re: [Michlib-l] segmenting public and staff networks We were provided a free internet drop by Comcast because we’re a library. We used that drop for wi-fi to the public for laptops and devices and it was separate from our internet to the public and staff computers. The public and staff internet connection is a static IP and the public wi-fi is not. Mimi Herrington, Director Bad Axe Area District Library 200 S. Hanselman Street Bad Axe, MI 48413 989.269.8538 (Phone) 989.269.2411 (Fax) www.badaxelibrary.org From: Helen Dewey Sent: Thursday, April 09, 2015 6:13 PM To: Bruce MacDonald Cc: Michlib-l Subject: Re: [Michlib-l] segmenting public and staff networks Bruce, I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed. I would greatly appreciate being pointed to information which would help me segment the networks. Helen Dewey Accidental Techie and Benzonia Public Library Board Treasurer rhdewey@charter.net From: Bruce MacDonald Sent: Thursday, April 09, 2015 4:00 PM To: Ms. TJ Smith Cc: Michlib-l Subject: Re: [Michlib-l] torrenting wireless policies/suggestions? Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider. Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this. http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa... In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all). http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route... It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it. https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band... Regards, Bruce Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net> wrote: We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net (989) 644-5131 _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l ------------------------------------------------------------------------------ _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l ------------------------------------------------------------------------------ _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l -------------------------------------------------------------------------------- _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
In order to properly separate the networks, you will need a firewall/router. No other way around it. What device does your cable modem plug into? On Mon, Apr 13, 2015 at 1:41 PM, Helen Dewey <rhdewey@charter.net> wrote:
I can see I wasn’t clear in my description of my segmenting problem. I have both staff and public PC’s on the same *wired* connection to the Internet. Everything comes in on the same cable modem. To keep the public from printing on the staff-only printer, I have to connect it by USB to one staff PC and let the other staff PC’s print to it as part of their homegroup privileges. Yes, I also want to keep wireless traffic away from the staff network. For that, I have an unsecured guest wireless network for the public, and I think that is working to keep them separate. The staff wireless is password protected. Helen
Helen Dewey Accidental Techie Benzonia Public Library Board rhdewey@charter.net *From:* Mark Ehle <mehle@willardlibrary.org> *Sent:* Monday, April 13, 2015 1:06 PM *To:* Christian Dunham <christian@carolibrary.org> *Cc:* Michlib-l <michlib-l@mcls.org> *Subject:* Re: [Michlib-l] segmenting public and staff networks
In order to keep wireless traffic away from the staff network, you will still need a firewall/router. A network-savy person on a wireless device could possibly still access all the staff side stuff through a switch.
On Mon, Apr 13, 2015 at 11:23 AM, Christian Dunham < christian@carolibrary.org> wrote:
Depends on your specific needs, but for run-of-the-mill, the easiest way to accomplish this with standard equipment is a subnet: http://en.wikipedia.org/wiki/Subnetwork
Very simplistically, all computers have an IP address. All computers that talk to each other are on the same subnet (if a computer’s IP address is 192.168.0.5, the subnet is “0”). If you setup your Wi-Fi router/access point to distribute addresses to Wi-Fi computers on a separate subnet (say 192.168.1.5, the subnet is “1”), then any computers with the different 0/1 subnets cannot talk to each other.
This configuration is greatly different depending on your hardware, but usually you can do it without spending a lot of money on expensive equipment. Here’s a more complicated explanation with graphics: http://superuser.com/questions/569710/how-to-create-a-separate-subnet-for-wi...
Christian Dunham
Caro Area District Library
989-673-4329 x 106
christian@carolibrary.org
*From:* michlib-l-bounces@mcls.org [mailto:michlib-l-bounces@mcls.org] *On Behalf Of *Mimi Herrington *Sent:* Thursday, April 9, 2015 8:53 PM *To:* Helen Dewey; Bruce MacDonald
*Cc:* Michlib-l *Subject:* Re: [Michlib-l] segmenting public and staff networks
We were provided a free internet drop by Comcast because we’re a library. We used that drop for wi-fi to the public for laptops and devices and it was separate from our internet to the public and staff computers. The public and staff internet connection is a static IP and the public wi-fi is not.
Mimi Herrington, Director Bad Axe Area District Library 200 S. Hanselman Street Bad Axe, MI 48413 989.269.8538 (Phone) 989.269.2411 (Fax) www.badaxelibrary.org
*From:* Helen Dewey <rhdewey@charter.net>
*Sent:* Thursday, April 09, 2015 6:13 PM
*To:* Bruce MacDonald <bmacdona@gmail.com>
*Cc:* Michlib-l <michlib-l@mcls.org>
*Subject:* Re: [Michlib-l] segmenting public and staff networks
Bruce,
I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed.
I would greatly appreciate being pointed to information which would help me segment the networks.
Helen Dewey
Accidental Techie
and Benzonia Public Library Board Treasurer rhdewey@charter.net
*From:* Bruce MacDonald <bmacdona@gmail.com>
*Sent:* Thursday, April 09, 2015 4:00 PM
*To:* Ms. TJ Smith <shermandirector@winntel.net>
*Cc:* Michlib-l <michlib-l@mcls.org>
*Subject:* Re: [Michlib-l] torrenting wireless policies/suggestions?
Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider.
Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this.
http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa...
In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all).
http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route...
It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it.
https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band...
Regards,
Bruce
Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan
On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith < shermandirector@winntel.net> wrote:
We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO.
We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle.
I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime?
Ms. TJ Smith
Library Director
Sherman Township Library
shermandirector@winntel.net
(989) 644-5131 <%28989%29%20644-5131>
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
------------------------------
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l ------------------------------
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
------------------------------ _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
Have you contacted your library co-op? They probably know more about your network setup, and might have a quick solution for you. Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan On Thu, Apr 9, 2015 at 6:13 PM, Helen Dewey <rhdewey@charter.net> wrote:
Bruce, I have been trying to find a way to separate the staff network from the public network, but I have not found a solution which lets us use only one broadband cable feed. When I tried a switch and 2 routers (diagram I found online), the 2 networks were fighting each other for the Internet network feed. I would greatly appreciate being pointed to information which would help me segment the networks.
Helen Dewey Accidental Techie and Benzonia Public Library Board Treasurer rhdewey@charter.net
*From:* Bruce MacDonald <bmacdona@gmail.com> *Sent:* Thursday, April 09, 2015 4:00 PM *To:* Ms. TJ Smith <shermandirector@winntel.net> *Cc:* Michlib-l <michlib-l@mcls.org> *Subject:* Re: [Michlib-l] torrenting wireless policies/suggestions?
Using your connection to pirate movies not only slows your network, but could land a library in hot water with the RIAA, who can report the activity to your internet service provider.
Even though our wifi requires no password, we do have a "captive portal" system in place to display our wireless policy. There are many other options to do this.
http://www.securedgenetworks.com/security-blog/Why-is-captive-portal-importa...
In the mean-time, you can dig into the settings in your wireless router. I believe you will be able to disable torrenting. Even though there are some legit uses for torrenting files, the vast majority is not traffic you want on your network, and you can possibly deal with exceptions as they come up (if they come up at all).
http://kb.netgear.com/app/answers/detail/a_id/20483/~/set-up-a-netgear-route...
It sounds as though your staff machines are maybe using the same network connection and hardware as your public machines, and wifi. This could also create security headaches, and you have already seen with bandwidth needs for your ILS strained. Your network should be segmented, with each segment inaccessible to the other. This can be done virtually or physically. There are expensive and inexpensive ways to do it.
https://www.techsoupforlibraries.org/cookbook-3/networking-and-security/band...
Regards, Bruce
Bruce A. MacDonald Assistant Director / Head of Circulation Peter White Public Library Marquette, Michigan
On Thu, Apr 9, 2015 at 10:40 AM, Ms. TJ Smith <shermandirector@winntel.net
wrote:
We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO.
We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle.
I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime?
Ms. TJ Smith
Library Director
Sherman Township Library
shermandirector@winntel.net
(989) 644-5131
_______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
------------------------------ _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
One consideration is OpenDNS, which enables you (through your router settings) to force everything to use the OpenDNS service, which you can set filters on. OpenDNS technically available for free through their website (opendns.com). You can set it to filter just torrent traffic rather easily with the settings. (with the full Enterprise service, you can also set yourself up as fully CiPA compliant). ----- Original Message ----- From: "Ms. TJ Smith" <shermandirector@winntel.net> To: "Michlib-l" <michlib-l@mcls.org> Sent: Thursday, April 9, 2015 10:40:27 AM Subject: [Michlib-l] torrenting wireless policies/suggestions? We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net (989) 644-5131 _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l -- Michael McEvoy mmcevoy@northvillelibrary.org Technology Coordinator Northville District Library http://www.northvillelibrary.org Chair of the TLN Technology Committee (2014-2015) SMS: (248) 982-4918 or mightyspoo@gmail.com Phone via CAPTEL @ Library: (248) 912-0040 Remember, Technical Solutions to Social issues are inherently flawed!
TLN provides OpenDNS Enterprise subscriptions at only $200/year. There's a $75 setup fee. All public libraries in Michigan can take advantage of this discount. Interested? Please contact me to place your order. Thanks, Angie Michelini Technology Services Manager The Library Network 41365 Vincenti Court, Novi, MI 48375 Office: 248.536.3100 x144, primary contact number Cell: 734.673.7303, urgent requests only ----- Original Message ----- From: "Michael McEvoy" <mmcevoy@northvillelibrary.org> To: "Ms. TJ Smith" <shermandirector@winntel.net> Cc: "Michlib-l" <michlib-l@mcls.org> Sent: Thursday, April 9, 2015 4:08:14 PM Subject: Re: [Michlib-l] torrenting wireless policies/suggestions? One consideration is OpenDNS, which enables you (through your router settings) to force everything to use the OpenDNS service, which you can set filters on. OpenDNS technically available for free through their website (opendns.com). You can set it to filter just torrent traffic rather easily with the settings. (with the full Enterprise service, you can also set yourself up as fully CiPA compliant). ----- Original Message ----- From: "Ms. TJ Smith" <shermandirector@winntel.net> To: "Michlib-l" <michlib-l@mcls.org> Sent: Thursday, April 9, 2015 10:40:27 AM Subject: [Michlib-l] torrenting wireless policies/suggestions? We have been seeing a large increase in internet traffic and our wireless setup is simply not holding up. A particular problem is patrons using our wireless for torrents. Do any of you have policies in place regarding a limit on high-bandwidth activities? It is frustrating for our other patrons, many of whom are using the connection for schooling and business purposes, not to mention the staff trying to use VERSO. We currently have 6MB service through our provider (the highest package offered in our area) connected to an old router and switch. We have 5 public computers, one catalog computer, and one staff station all direct-wired through the switch and at any given time 2-10 wireless devices attached. Our current router is a Netgear N300 WNR2000v2. We're looking to upgrade and add a wireless access point to allow us better control, but that does not make our current situation any easier to handle. I've been setting the lowest priority QoS for the torrent users when possible to try to make the connection usable by other patrons. Does anyone have any tips on how we can better get by in the meantime? Ms. TJ Smith Library Director Sherman Township Library shermandirector@winntel.net (989) 644-5131 _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l -- Michael McEvoy mmcevoy@northvillelibrary.org Technology Coordinator Northville District Library http://www.northvillelibrary.org Chair of the TLN Technology Committee (2014-2015) SMS: (248) 982-4918 or mightyspoo@gmail.com Phone via CAPTEL @ Library: (248) 912-0040 Remember, Technical Solutions to Social issues are inherently flawed! _______________________________________________ Michlib-l mailing list Michlib-l@mcls.org http://mail2.mcls.org/mailman/listinfo/michlib-l
participants (9)
-
Angie Michelini -
Bruce MacDonald -
Christian Dunham -
Eric Hayes -
Helen Dewey -
Mark Ehle -
Michael McEvoy -
Mimi Herrington -
Ms. TJ Smith