wifi / network security

Just after other people's opinions before I go ahead with what I've got planned.

ADSL connection comes in and goes to a router, then off to a switch, then a number of PCs are connected to the switch.

We need to have wireless internet access, using a number of access points. However, it will be sharing the existing connection, and there needs to be some security between WiFi access and the PCs already in place. Basically they shouldn't be able to access the PCs at all.
How would you go about doing this?
 
Well, how I have mine set up is, I'll break it down to simplify it as I have 3 lines

but

ROUTER -------- on which I have segmented the 5 network ports, i.e. 3 virtual LANs,

virtual LAN 1 goes to server,

virtual LAN 2 goes to wireless access point, thus connected to wireless clients,

Then on my router I enable restricted network access,

this means when someone connects wirelessly to the LAN, they go straight to a page in the browser which needs them to log in with a valid username/password. If they don't, no net access, simple as,

in this situation they also don't get access to the wired PCs or the other virtual LANs

although I have an advanced, not home, router, so you probably wouldn't be able to do it on a home router
 
Router that performs NAT would do it. Connect WAN port to network port on your machine [Edit: I meant switch], and the wireless machines would be on the wireless LAN segment.
NAT'll see that file sharing etc gets broken, you could use a firewall to see to anything else. Problem (mostly) solved.
 
Not quite sure on that?
I was thinking of plugging a separate wireless router into the existing router, would this do the trick?

tolien, I'm not quite understanding you! 'Connect WAN port to network port on your machine'

There are a few wired machines that need to be separate from the WiFi.
 
OK, so if I plug a cable router into the existing router, it will hopefully run on a separate subnet, get the newly added router to run DHCP for the WiFi clients. This way they should only be able to get internet access, and nothing on the other subnet connected to the original router.
 
What router are you using for internet access? If it'll do ACLs then set a rule to prevent the wireless network being routed to the wired one. You should have some sort of IP filtering, I would think. Just stop hosts from network x.x.1.x from accessing network x.x.2.x.
Alternatively, if you can't do that, you can bag a Cisco 2500 router off eBay for bugger all these days. That's what I'd use, the proper job. Hang that off your switch and set it as default gateway for everything.
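
The ACL rule suggested in the post above, as an added example that is not part of the original thread: a first-match rule list in Python, checked against constructed sample flows. The 192.168.1.0/24 (wireless) and 192.168.2.0/24 (wired) subnets, the rule tuples and the function names are assumptions for illustration; first-match order with an implicit deny at the end mirrors how Cisco IOS access lists are evaluated.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (the post only gives x.x.1.x and x.x.2.x).
WIFI = ip_network("192.168.1.0/24")   # wireless clients
WIRED = ip_network("192.168.2.0/24")  # existing wired PCs
ANY = ip_network("0.0.0.0/0")

# Rules are (action, source network, destination network), checked top down,
# as an ACL applied to traffic arriving from the wireless side.
ACL_GOOD = [
    ("deny", WIFI, WIRED),   # wireless must never reach the wired PCs
    ("permit", WIFI, ANY),   # everything else (internet) is allowed
]
# Same two rules in the wrong order: the permit shadows the deny.
ACL_SHADOWED = [ACL_GOOD[1], ACL_GOOD[0]]


def decide(acl, src, dst):
    """Return the action of the first matching rule; no match means deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # implicit deny at the end of the list


def shadowed_rules(acl):
    """Return indexes of rules that can never match because an earlier
    rule already covers their whole source and destination range."""
    dead = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, earlier_src, earlier_dst in acl[:i]:
            if src_net.subnet_of(earlier_src) and dst_net.subnet_of(earlier_dst):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    # Constructed sample flows: wifi -> wired PC, wifi -> internet,
    # and an unexpected source address on the wireless side.
    flows = [("192.168.1.50", "192.168.2.10"),
             ("192.168.1.50", "203.0.113.80"),
             ("10.0.0.5", "192.168.2.10")]
    for name, acl in (("good", ACL_GOOD), ("shadowed", ACL_SHADOWED)):
        print(name, [decide(acl, s, d) for s, d in flows],
              "dead rules:", shadowed_rules(acl))
```

Running the shadow check over a rule list before loading it onto the router catches the ordering mistake that would silently leave the wired PCs reachable.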
 
Skiddley said:
:D 25xx...might need something more meaty than one of those relics, they don't even do FE.
Why do you need FastEthernet for net access of probably no more than 8Mbit? If the router is gateway it only goes near it if it's headed to another network, else it'll bounce around within the switch.
 
He is right, but if the switch is half decent it should support ACLs itself without the need for forwarding the traffic through some dodgy ol' router. Anyway, those with 2X ethernet are rare and setting up 'router on a stick' is just grief that you don't need.

I'd just go with the VLAN option, much more elegant, and no need for packet inspection to satisfy your ACL logic - i.e., better performance.

Skidd.
 
Wow guys, we're all going a little off track here.
Unfortunately I won't know the make or model of the existing equipment until I go to fit the WiFi equipment, so I've got to go in with a plan that will work no matter what.
So do we agree adding a wireless cable router to the existing router will work here?
 