wifi / network security

Associate
Joined
23 Jun 2004
Posts
354
Location
stoke-on-trent
Just after other people's opinions before I go ahead with what I've got planned.

ADSL connection comes in and goes to a router, then off to a switch, then a number of PCs are connected to the switch.

We need to have wireless internet access, using a number of access points. However, it will be sharing the existing connection. However, there needs to be some security between wifi access and the PCs already in place. Basically they shouldn't be able to access the PCs at all.
How would you go about doing this?
 
Associate
Joined
8 Nov 2005
Posts
425
Location
Derbyshire UK
Well, how I have mine set up is, I'll break it down to simplify it as I have 3 lines

but

ROUTER -------- which I have segmented the 5 network ports, i.e. 3 virtual LANs,

virtual LAN 1 goes to server,

virtual LAN 2 goes to wireless access point, thus connected to wireless clients,

Then on my router I enable restricted network access,

this means when someone connects wirelessly to the LAN, they go straight to a page in the browser which needs them to log in with a valid username/password; if they don't, no net access, simple as,

in this situation they also don't get access to the wired PCs or the other virtual LANs

although I have an advanced, not home, router, so you probably wouldn't be able to do it on a home router
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
Router that performs NAT would do it. Connect WAN port to network port on your machine [Edit: I meant switch], and the wireless machines would be on the wireless LAN segment.
NAT'll see that file sharing etc gets broken, you could use a firewall to see to anything else. Problem (mostly) solved.
 
Associate
OP
Joined
23 Jun 2004
Posts
354
Location
stoke-on-trent
Not quite sure on that?
I was thinking of plugging a separate wireless router into the existing router, would this do the trick?

tolien, I'm not quite understanding you! 'Connect WAN port to network port on your machine'

There are a few wired machines that need to be separate from the wifi.
 
Associate
OP
Joined
23 Jun 2004
Posts
354
Location
stoke-on-trent
OK, so if I plug a cable router into the existing router, it will hopefully run on a separate subnet, get the newly added router to run DHCP for the wifi clients. This way they should only be able to get internet access, and nothing on the other subnet connected to the original router.
 
Associate
Joined
28 Sep 2005
Posts
1,282
Location
London
What router are you using for internet access? If it'll do ACLs then set a rule to prevent the wireless network being routed to the wired one. You should have some sort of IP filtering, I would think. Just stop hosts from network x.x.1.x from accessing network x.x.2.x.
Alternatively, if you can't do that you can bag a Cisco 2500 router off eBay for bugger all these days. That's what I'd use, the proper job. Hang that off your switch and set it as default gateway for everything.
 
Associate
Joined
28 Sep 2005
Posts
1,282
Location
London
Skiddley said:
:D 25xx...might need something more meaty than one of those relics, they don't even do FE.
Why do you need FastEthernet for net access of probably no more than 8Mbit? If the router is gateway it only goes near it if it's headed to another network, else it'll bounce around within the switch.
 
Soldato
Joined
1 Aug 2003
Posts
3,797
Location
Cheshire
He is right, but if the switch is half decent it should support ACLs itself without the need for forwarding the traffic through some dodgy ol' router. Anyway, those with 2X ethernet are rare and setting up 'router on a stick' is just grief that you don't need.

I'd just go with the VLAN option, much more elegant, and no need for packet inspection to satisfy your ACL logic, i.e., better performance.

Skidd.
 
Associate
OP
Joined
23 Jun 2004
Posts
354
Location
stoke-on-trent
Wow guys, we're all going a little off track here.
Unfortunately I won't know the make or model of the existing equipment until I go to fit the wifi equipment, so I've got to go in with a plan that will work no matter what.
So do we agree adding a wireless cable router to the existing router will work here?
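An added example, not code from anyone in the thread: a small first-match model of the "stop the wireless network reaching the wired one" rule suggested above, which can be used to sanity-check whichever design is chosen against the flows that must be blocked or allowed. The 192.168.x.x subnets, the sample hosts and the function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed addressing (assumption): the thread only says x.x.1.x and x.x.2.x.
WIRED = ipaddress.ip_network("192.168.1.0/24")
WIRELESS = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are (action, source, destination), checked top-down; first match wins.
ISOLATING_ACL = [
    ("deny", WIRELESS, WIRED),  # wireless clients must not reach the wired PCs
    ("permit", ANY, ANY),       # everything else, i.e. internet access
]
# Same rules in the wrong order: the broad permit shadows the deny.
MISORDERED = list(reversed(ISOLATING_ACL))
# No filter between the segments, e.g. a second router whose WAN port sits on
# the wired LAN and whose firewall does not block that range.
NO_FILTER = [("permit", ANY, ANY)]


def evaluate(acl, src, dst):
    """Return the action of the first matching rule (implicit deny at the end)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src_ip in src_net and dst_ip in dst_net:
            return action
    return "deny"


def audit(acl, flows):
    """Return (src, dst, expected, actual) for every flow with the wrong verdict."""
    results = [(s, d, want, evaluate(acl, s, d)) for s, d, want in flows]
    return [r for r in results if r[2] != r[3]]


# Constructed flows describing the requirement: (source, destination, expected).
REQUIRED = [
    ("192.168.2.50", "192.168.1.10", "deny"),    # wifi laptop -> wired PC
    ("192.168.2.50", "203.0.113.80", "permit"),  # wifi laptop -> internet
    ("192.168.1.10", "203.0.113.80", "permit"),  # wired PC -> internet
]

if __name__ == "__main__":
    for name, acl in (("isolating", ISOLATING_ACL), ("misordered", MISORDERED),
                      ("no filter", NO_FILTER)):
        print(name, audit(acl, REQUIRED) or "meets the requirement")
```

The same three flows make a practical acceptance test on site: from a wireless client, a wired PC's address should be unreachable while an internet host still answers.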
 