Step 1. Open Wireshark. Choose the second icon from the left, which is "Capture Options".
In the "Capture" frame, choose the interface you use to connect to the Internet. In the "Capture Filter:" field, type "tcp port http"; this captures only the type of traffic we need in this example. Then click "Start".
Then open a browser and visit www.abc.net.au; you will see that some records have been added in Wireshark. Once the home page shows up, we can close the browser and click the stop button, which is the 4th from the left.
Step 2. Open a browser and visit www.yourdomain.com to create a record. Open CMD and type:
Active Directory Domain Services (AD DS): A WDS server must be either a member of an AD DS domain or a DC for an AD DS domain. Install AD DS first, then click Run the Active Directory Domain Services Installation Wizard (dcpromo.exe).
DHCP (Dynamic Host Configuration Protocol)
NTFS volume: the WDS image store requires an NTFS volume.
(Transport Server) Local Administrators group credentials: The server must be a member of the local Administrators group in order to perform the installation tasks and other required server tasks.
(Transport Server) PXE provider: If WDS is running on the same server as DHCP:
> WDSUTIL /set-server /DHCPoption60:yes
> WDSUTIL /set-server /usedhcpports:no
not listen on ...
Network size: 1800 students, 200 faculties.
The whole network (LAN connection or Internet) stopped functioning for about 30 seconds every 4 hours in the beginning (spanning tree issue), then mostly in the morning when people start to work, and then recovered by itself.
Find the ownership
Because the school network was a flat design, with all the devices in one subnet, I suspect it was a traffic storm (multicast, broadcast) or a spanning tree issue (recalculating the root switch freezes the whole network).
We set up MultiPing to ping switches...
We will let the mobile devices (laptops, Windows tablets) log on to the wireless network automatically via certificate-based authentication before user login, so that they can pull the computer GPOs, such as MSI deployment, printer deployment on the Computer object, etc. After user login, the device will switch to user certificate-based authentication, which allows the proxy to audit and apply policies on the devices. The answer is certificate-based authentication (EAP-TLS).
Unfortunately, this is not that straightforward, since there are a couple of requirements for the server and client certificates. You can configure this with this tutorial, but you would need a solid understanding of how NPS works and how the CA works in case troubleshooting is required, as there are so...