Advice required for secure LAN/ unsecure WLAN

I have a requirement for a router that can configured to separate the LAN from WLAN.

I need to be able to have an unencrypted WLAN to WAN/INTERNET network available to users of the coffee shop, but configured in such a way that they are unable to access the internal LAN that runs the epos systems.

One computer on the LAN also needs access to the WAN/INTERNET.

I believe that a sonicwall TZ170 wireless may do the job, but are there any alternative products?

Jason Russell

Reply to
Jason Russell
Loading thread data ...

Yeah, it's called get a second router that would use the gateway router to the Internet so that machines connected to it can access the Internet. The second router will segregate the two networks, with the machine behind the second router protected from the machines on the unprotected wireless LAN. You should make sure that the second router is an all wire solution.

Duane :)

Reply to
Duane Arnold

"Duane Arnold" hath wroth:

Agreed. Some comments.

  1. The TZ170 comes in various versions and user counts. 10 users is currently barely adequate for a coffee shop. The problem is that the ever prevalent game boxes, WiFi phones, and PDA's are raising the user count without actually generating any traffic. They connect, associate, and sometimes login, and then do nothing. I've seen the DHCP table contain 50 entries with only one laptop in the coffee shop. It's all from "drive by" WiFi users.
  2. If the ISP offers a 2nd IP address, it's easy. One modem, two routers, and two totally independent networks. This is what I do at 2 coffee shops. The problem is that it gets expensive. For example, PBI/SBC/AT&T DSL is normally about /month for a single IP dynamic IP account, /month for 5 static IP's, and nothing in between. Because it's a business, AT&T DSL will not apply residential discounts and promotions. With a /month differential, it doesn't take many months before the TZ170 becomes economical.
  3. If only one IP is available, such as with cable modem service, then some ingenuity is required. Double NAT will work with some complications. For example: |
    formatting link
    covered the IP address layout in the following thread: |
    formatting link
  4. It is also possible to build a multiple ethernet port Linux based server that can separate connected LAN's using routing between ports. I don't wanna go into this option right now (because I don't want to do the necessary reading and Goggling).
Reply to
Jeff Liebermann

By far the easiest way to do this if you already have a LAN in place with a router and internet connection would be to purchase a cheaper router/AP in one and simply plug the WAN port of the new AP/router into a lan port of the exsiting LAN switch. Even if you don't have any equipment currently this would still work fine... you could have a wired or wireless AP/router with security enabled controlling your internet connection and POS LAN then purchanse another router/wireless AP configured as above with no security enabled.

With the above setup clients could connect to your open access point and have internet access but would be unable to browse your local LAN because there is no way to get local traffic on the unsecure AP across the WAN port to the other switch.


Reply to
Adair Witner Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.