Adding open wireless to our netowrk?

[Dr Zoidberg]

Possibly not the best title but best I could think off.

In our company network is it possible to add a wireless access point and then not allow our users to use it but have it available for 'visitors' to use to get on the internet without them having access to our network?

What is the best way to achieve this sort of thing?

Are there any things to be careful of or look out for?

Thanks
Keith

 

[errata]

What broadband etc access to the itnernet to you already have? do you want to share that connction or buy in something just for the visitors?

I can see lots of advantages in having it separate, everthing else requires somebody in the know who can configure security to protect you network.

 

[Dr Zoidberg]

Looking to let them use our current broadband connection, with out accessing our network,
I know to do that there is going to have to be a link into our network but can that be restricted so they just have internet access from it.

I suppose it would be an idea to look at how our broadband comes in and connects to our network and look at it from there.

If we installed a wireless access point, and gave it a static IP out side our normal range could that be feed back through a DMZ or something to allow internet access on it?

 

[Skidilliplop]

You can use a Wifi router such as a WRT54GL with custom firmware such as tomato and configure a static next hop route and ACL to effectively bypass your network. I have a USR router doing this for cabled internet here at the moment. The router WAN interface has IP and gateway for the local subnet but there is a static route configured for all traffic to our firewall at HQ thus any traffic bound for the router gets bombed straight to the internet breakout so you can't see any of the network on the route.

Alternatively you could put the WAN interface on a separate subnet and don't configure routing between that subnet and other LAN addresses.

It's quite easy to do if you have decent gear and know how.