Open access point for clients

We have a secure wireless network using WEP and MAC filtering. My boss wants clients to have access to the internet from our office without having to add their MAC address and enter a code on their end. Is there a good procedure for adding a WAP for internet only? I don't want this WAP to give access to anything except my router going out. I would like it to dish out its own DHCP in a completely different network but still give the users Internet access. Is there a whitepaper or howto?

Thanx

Carl


If you knew enough to get the network set up like it is already then you ought to know how to do this. If not, call (and pay) the people that set it up. Get this wrong and you run the risk of compromising the network security quite badly.

You don't describe the coverage area needed. If it's just one room or small area then one access point might cover it. But if it's a multi-room, several floors or multiple buildings then it gets CONSIDERABLY more complex. Which is it?

That's the first question. After that a whole bunch of others follow. Mostly concerning the existing internet connection and type of firewall being used.

-Bill Kearney

Reply to
Bill Kearney

Nice attitude. We come here for help, not to hear that we should already know how or to go hire someone. Grrrr!!!

I have the same problem. Westell 327w dsl modem on home network. I'd like a separate unsecured network with internet access, but no access to the primary network. I need 20 foot range. I have several consumer-grade access points and routers. Can't figure how to set it up.

No, I don't want a lecture that I shouldn't. I want a tutorial on HOW.

Thanks, mike

Reply to
mike

You might look at some of the info on

But what Bill is alluding to is that if you are responsible for the network security you need to know how risk averse you or your business is and make appropriate decisions.

If you can get a second IP address from your internet provider, just set up a separate network.

If you can't get a second IP then connect one router to your ISP and then connect the WAN ports of two additional routers to the LAN side of the ISP-connected router.

There are some issues with double NATting so your mileage may vary.

A different option would be to find a router with 1 WAN port and the ability to route between two different internal networks.

If you want to run two wireless networks in same proximity choose your channels properly.

John

Reply to
John Mason Jr

Thanks for the link. Now, I gotta go searching for the needle in that haystack.

I'm not overly concerned about highest security. Ain't nothing worth having on the machine. Just like to try to keep out the pranksters who like to trash your system. Spending money on the project is outa the question.

Two issues I forgot to mention...

1) the router I want open is built into the dsl modem. I want the high speed router to be the secure one.

2) I need to port forward to the net on the secondary router for voip, vnc, etc.

I got the thing to work with two different nets...192.168.1.x and 192.168.2.x but couldn't figure out how to port forward to the second router. I tried subnetting one address range with subnet mask and assigning two dhcp servers, one for each half. All that did was take the other half of the last octet out of the list. Could still access the other half.

mike

Reply to
mike

And if you listen long enough, instead of shooting your proverbial mouth off, you'll know who here can give useful and accurate answers. If you want hand holding then pay someone. For free, you put up and SHUT UP.

With that attitude? Get stuffed. Hopefully the original poster will come back with some answers and we can move forward on helping HIM instead.

Reply to
Bill Kearney

Exactly. But before opening THAT can of worms, which is more 'political' than technical, it's best to get a heads-up on just what sort of access is necessary. That and what sort of budget is available. I've been doing this sort of work for over two decades so I'm more than a little familiar with all aspects of getting it going.

Yep, this is often the safest 'route', pun intended. This is a trivial router config change on the part of the ISP. But one for which they may gouge a princely sum. Again, just what sort of networking is required may dictate what can be offered.

With a second external address you just add a switch between the DSL modem and the two switches. Each router's WAN port goes into the switch. Then a cross-over cable goes from the switch to the DSL modem port.

But here's another wrinkle to consider, what if these 'guests' need to print something? Getting them connected to the local printers may be less-than-trivial depending on how the system is set up. As in, not by using an external IP address.

For an office environment of anything more than the most trivial of setups it can really get complicated getting things set up SECURELY.

As for 'who cares about security', if you care enough to expect your computer to turn on and be usable, you'd better care. It's trivially simple for the malicious pranksters to reach out from across the globe and trash networks. Don't let yours fall prey.

If you put the guest network behind the 1st router then you risk leaving the 1st router's network open to access from the guests. If you put the main network behind the guest router you avoid this but then introduce the double-NAT hopping. That and funnel what could be a LOT of traffic through the guest router.

A good suggestion. Cisco's routers are a great solution here. They're not cheap but they possess the necessary degree of configurability that you just will not find in low-end routers (a la linksys, d-link, etc). With IOS you get a more versatile, and well understood, interface that allows quite sophisticated programming. But programming one is not something you just 'pick up' on the fly. This is why I suggested hiring a professional. By the time the novice figures out he's in over his head, good money has been wasted on low-end gear that can't do the job, to say nothing of compromised security and wasted time. Not a recipe for keeping the overworked IT staff employed...

That's a whole other rats nest, but good to point it out.

-Bill Kearney

Reply to
Bill Kearney
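
The placement trade-off discussed in the posts above (guest network behind the first router, main network behind the guest router, or both behind their own routers), as an added example that is not part of the original thread. It is a small model that assumes every router is a default consumer NAT box with no extra firewall rules; the network names `main`, `guest` and `transit` are assumptions made for the illustration.

```python
# Added illustration, not from the thread. Assumption: every router is a
# default consumer NAT box: LAN-initiated traffic is forwarded to anything
# on its WAN side; unsolicited traffic arriving on the WAN side is dropped.

INTERNET = "internet"

def path_up(topology, net):
    """Networks crossed from `net` out to the internet, nearest first."""
    path = [net]
    while path[-1] != INTERNET:
        path.append(topology[path[-1]])  # parent = network on the router's WAN side
    return path

def can_initiate(topology, src, dst):
    """True if a host on `src` can open a connection to a host on `dst`."""
    return dst in path_up(topology, src)

def nat_hops(topology, net):
    """Number of NAT routers between `net` and the internet."""
    return len(path_up(topology, net)) - 1

# Each topology maps a network to the network its router's WAN port plugs into.
TOPOLOGIES = {
    # Guest router hangs off the LAN of the router that protects the main network.
    "guest_behind_main": {"main": INTERNET, "guest": "main"},
    # Guest sits on the ISP-facing router; main network is behind a second router.
    "main_behind_guest": {"guest": INTERNET, "main": "guest"},
    # Three routers: ISP-facing router with a transit LAN, two routers behind it.
    "three_router_y": {"transit": INTERNET, "main": "transit", "guest": "transit"},
}

def assess(name):
    """Summarise isolation and NAT depth for one named topology."""
    topo = TOPOLOGIES[name]
    return {
        "guest_reaches_main": can_initiate(topo, "guest", "main"),
        "main_reaches_guest": can_initiate(topo, "main", "guest"),
        "main_nat_hops": nat_hops(topo, "main"),
        "guest_nat_hops": nat_hops(topo, "guest"),
    }

if __name__ == "__main__":
    for name in TOPOLOGIES:
        print(name, assess(name))
```

A NAT hop count of 2 is the double-NAT case: an inbound port forward then has to be configured on each router in the path.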

Sounds like the setup needs some thoughtful planning. I would recommend starting by making a list of hardware, making sure you include manufacturer and software version numbers; then you might be able to get more specific answers.

John

Reply to
John Mason Jr

I was under the impression that WEP was now deemed to be so readily breakable as to be considered insecure and that MAC filtering virtually only prevented the most trivial of intrusion attempts.

Reply to
AnthonyL
