If your school uses enterprise WiFi network infrastructure, we recommend adding your BuildFlow servers to a WPA2 Pre-Shared Key secured VLAN. There are many network configuration options available, but use of a WPA2-PSK network will minimise interruptions to your BuildFlow service.
Why a VLAN?
Enterprise networks can be tricky to manage, especially large networks with multiple classes of users and a mixed array of devices connecting over multiple access points. To segregate and control the privileges afforded to connected devices, control user access and ensure compatibility with a broad range of devices (IoT devices, printers, wireless P.A. etc.), it is not uncommon to deploy a virtual local area network (VLAN). You can read more about VLANs here.
By placing these devices on a VLAN, a network administrator:
- Can provide connectivity for users and enterprise devices on the same access point without placing them in the same subnet, segregating access.
- Can enable and broadcast device specific functionality like Bonjour/Zeroconf service discovery browsing domains.
- Can control external domain access at the network level by controlling ports, protocols and domains accessible from the subnet.
- Can assign a unique WiFi SSID and connection details for devices on this VLAN.
By connecting a BuildFlow server to a VLAN via WPA2-PSK WiFi connection:
- You only need to reconfigure your BuildFlow server if your Pre-Shared Key changes.
- You can filter access to BuildFlow’s subdomains per your network access policy for the VLAN.
- You do not require a provisioned wireless encryption certificate or RADIUS distribution service which may be incompatible with headless server devices like the BuildFlow server.
Recommended VLAN configuration
- Best practice suggests that you should not deploy more than 3 VLANs on each network access port to avoid excessive network overhead and routing issues.
- If you don’t currently run a utility VLAN, create one available on all Access Points where BuildFlow servers will be deployed.
- Associate an appropriate associated WiFi SSID (e.g. ’SCHOOLNAME-printers’).
- Set your WiFi network key to WPA2-PSK and create a secure password.
- Turn off SSID-broadcast if you do not want the network to be visible to users.
- Enable VLAN isolation.
- Either disable proxy filtering for your VLAN or enable proxy whitelist for buildflow.online & *.buildflow.online. For more information, visit our article on whitelisting.
- Disable any SSL packet inspection or sniffing services.
- Log into https://buildflow.online, choose configure printer, and choose the “Personal WiFi” option. Follow the prompts to generate a new configuration file and install it on your BuildFlow server(s).
If you can’t use a VLAN
If you already have too many VLANs active, don't have an appropriate VLAN to deploy print server hardware to, don't have a network infrastructure that can support VLANs, or your network administrator has indicated that you should use your regular WiFi username and password to connect; there are other options to connect your BuildFlow server to your network on the Configuring your BuildFlow page.