Isolating a wireless subnet?

Posted by Janey on March 21, 2008, 4:13 am
We're replacing an Apple "snow" AirPort (802.11b) with an AirPort Extreme
(802.11n) and would like to provide Internet access for clients in the
waiting room. Obviously we don't want them to have access to our computers or
servers.

By what mechanism can a wireless subnet be created such that the users have
Internet access yet cannot (easily) have access to the rest of the private
net that shares the DSL modem that supplies 'net access to the LAN as a
whole?

Is a router required at the junction of the DSL modem and the 2 AirPort WAPs
that controls access between the 2 branches?

Other means?

Thanks,
Janie


Posted by glen herrmannsfeldt on March 21, 2008, 5:43 am
(comp.protocols.tcp-ip added)

Janey wrote:
(snip)

> By what mechanism can a wireless subnet be created such that the users have
> Internet access yet cannot (easily) have access to the rest of the private
> net that shares the DSL modem that supplies 'net access to the LAN as a
> whole?

I presume you now have one NAT router between you and the DSL
connection. To do what you ask requires three NAT routers
(and three distinct subnets).

In many cases wireless access points are combined with NAT routers
which would minimize the number of boxes. Does the Airport Extreme
include NAT? (I thought Airport Extreme was 802.11G not N.)

Unless your DSL supplies more than one IP address you want one NAT
router connected to the DSL modem to allow more than one IP address
to connect to the Internet. Next, you want a NAT router for your
use and a NAT router for other users each connected to the first
NAT router. The first one should not have wireless access
(or should have it turned off). The second and third could
be either NAT routers with wireless access or NAT routers
connected to wireless access points.

-- glen


Posted by DLR on March 21, 2008, 7:11 am
Janey wrote:
> We're replacing an Apple "snow" AirPort (802.11b) with an AirPort Extreme
> (802.11n) and would like to provide Internet access for clients in the
> waiting room. Obviously we don't want them to have access to our computers or
> servers.
>
> By what mechanism can a wireless subnet be created such that the users have
> Internet access yet cannot (easily) have access to the rest of the private
> net that shares the DSL modem that supplies 'net access to the LAN as a
> whole?
>
> Is a router required at the junction of the DSL modem and the 2 AirPort WAPs
> that controls access between the 2 branches?

Since you're asking here I'll assume your knowledge is a bit limited.

As to the two branches I'll assume you mean the waiting room and office sections
of your network.

First you can do it with 3 routers but also two if you do it right.

DSL
Modem ---- Router1 **** wireless to waiting room
              |
              +-----Router2 (off LAN port of router1)
                      + *********** wireless to office
                      |
                      +------------ wired to office (off LAN port of router2)

With this setup your waiting room can see the Internet as a whole but can't
drill down into your office as long as you don't have router2 set to forward
anything from the outside to any particular LAN.

To keep things simple Apple somewhat limits your choices as to NAT addresses so
I'd pick something like the 192.168.x.x range for the office and 10.0.0.x range
for the waiting room. This is set in router2 and router1 respectively.

As to which router you use where, I guess I'd put the newer one as router 2 as
it will have somewhat better security options. You should lock down the admin of
both routers with very very good passwords. You should also lock down the
wireless to the office with a very secure password and no Post-its allowed. Or
turn it off. And keep access to the routers and any wired Ethernet ports
restricted. Physically.

And you mentioned "waiting room" I'd find a local mac wiz (there should be a
user group in the area) or network wiz who will not get indignant at the Apple
routers and pay them $200 for an hour or so of time to make sure you do it
right. Doing it wrong in a doctor's office can be a very bad idea.

David
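
An added example, not part of any post in this thread: a small Python model of the two-router layout DLR describes above, showing which side can open new connections to the other and what a port forward on router2 changes. The specific addresses (10.0.0.2 for router2's WAN port, 192.168.1.0/24 for the office, the sample hosts and forward) and the rule that router2 drops unsolicited inbound traffic unless a forward matches are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed addressing (assumptions): the thread only gives 10.0.0.x / 192.168.x.x.
GUEST_NET = ipaddress.ip_network("10.0.0.0/24")      # router1 LAN + waiting-room Wi-Fi
OFFICE_NET = ipaddress.ip_network("192.168.1.0/24")  # router2 LAN (office)

@dataclass
class NatRouter:
    wan_ip: ipaddress.IPv4Address                 # router2's address on the guest segment
    lan: ipaddress.IPv4Network
    forwards: dict = field(default_factory=dict)  # WAN port -> (LAN host, LAN port)

def make_router2(forwards=None):
    return NatRouter(ipaddress.ip_address("10.0.0.2"), OFFICE_NET, forwards or {})

def new_connection(src, dst, port, router2):
    """Where a NEW connection src -> dst:port lands, or None if it is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in router2.lan:
        # Office host initiates: router2 NATs it out onto the guest segment,
        # so both waiting-room devices and the Internet are reachable.
        return (str(dst), port) if dst in router2.lan or dst in GUEST_NET else ("internet", port)
    if src in GUEST_NET:
        if dst == router2.wan_ip:
            # Unsolicited inbound on router2's WAN port: only a forward lets it in.
            target = router2.forwards.get(port)
            return (target[0], target[1]) if target else None
        if dst in router2.lan:
            return None  # router1 has no route to the office subnet
        return (str(dst), port) if dst in GUEST_NET else ("internet", port)
    return None

def guest_exposure(router2, guest="10.0.0.50"):
    """Office services a waiting-room client can reach through router2's forwards."""
    hits = {}
    for port in sorted(router2.forwards):
        landed = new_connection(guest, str(router2.wan_ip), port, router2)
        if landed:
            hits[port] = landed
    return hits

if __name__ == "__main__":
    locked = make_router2()
    leaky = make_router2({3389: ("192.168.1.20", 3389)})  # constructed forward
    print("guest -> office host:", new_connection("10.0.0.50", "192.168.1.20", 3389, locked))
    print("office -> guest host:", new_connection("192.168.1.20", "10.0.0.50", 80, locked))
    print("exposure, no forwards:", guest_exposure(locked))
    print("exposure, one forward:", guest_exposure(leaky))
```

In this model the isolation is one-way: waiting-room clients cannot open connections into the office, but office hosts can still reach waiting-room devices, and every forward configured on router2 is reachable from the waiting room as well as from outside.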


Posted by Gavrilo Prinzip on March 21, 2008, 7:31 am

> And you mentioned "waiting room" I'd find a local mac wiz (there should be a
> user group in the area) or network wiz who will not get indignant at the
> Apple routers and pay them $200 for an hour or so of time to make sure you do
> it right. Doing it wrong in a doctor's office can be a very bad idea.

I'd point out also that you don't absolutely need Apple products. We
have a setup something like this for our Inn using two non-Apple
routers; our only computers are Macs, and this setup works equally well
in connecting visiting Macs _and_ PCs.

I use Airport Extreme in the Mac Pro now and then to test the wireless
connections.
--
Gav P

Posted by DLR on March 21, 2008, 8:56 am
Gavrilo Prinzip wrote:
>
>> And you mentioned "waiting room" I'd find a local mac wiz (there should be a
>> user group in the area) or network wiz who will not get indignant at the
>> Apple routers and pay them $200 for an hour or so of time to make sure you do
>> it right. Doing it wrong in a doctor's office can be a very bad idea.
>
> I'd point out also that you don't absolutely need Apple products. We
> have a setup something like this for our Inn using two non-Apple
> routers; our only computers are Macs, and this setup works equally well
> in connecting visiting Macs _and_ PCs.

Agreed. But the OP implied they had already bought or planned to buy a 2nd Apple
router. And if all you've ever seen is a Linksys configuration web page, well
things are a bit different. My point was to not get "your brother's friend who's
owned a mac for 2 months" to come do it.

David
