Two isolated networks on a router

Hi all

I have a DSL connection and it is shared by 4 computers (A, B, C, D) through an AP (and router). I want to put the first two computers (A, B) on one network so that they can share files. Similarly, I want the other two computers (C, D) to be in a different network and be able to share files.

There should be clear isolation between these two networks so that A cannot peek into C's files.

Please let me know how I can do that with one AP (+ router).

Thanks for your help,
Raj

Reply to
nchekka

On 3 Nov 2006 23:30:32 -0800, snipped-for-privacy@gmail.com wrote:

You can't do that kind of isolation with a typical "bargain" wireless access point. You're going to need two bargain wireless access points (separate wireless networks) isolated from each other by a capable wired router.

Reply to
John Navas

First, you say AP (router) and you're in a wireless group, so I'm assuming that all the computers are going to be wirelessly connected to the router.

Most 'inexpensive' routers only hand out DHCP IPs in a set IP number range,

i.e.:
LAN gateway 192.168.1.1
wireless IP DHCP 192.168.1.100 - 192.168.1.254

The easy way,

PART 1
Set A & B in one workgroup, i.e. GROUP1
Set C & D in one workgroup, i.e. GROUP2

PART 2
Set the shares up for A & B
Set the shares up for C & D

Workgroup for C & D: be sure that users and shares are not the same as for WG A & B

Workgroup for A & B: be sure that users and shares are not the same as for WG C & D

Do not exchange the usernames or passwords with GROUP1 and GROUP2

However, if a user in Group2 changes his workgroup name to Group1, he will be able to see the computers in Group 1, but without the passwords he will not be able to join (see the contents of) the workgroup.

You could make all the accounts 'USER' accounts instead of administrator accounts of the WG, then they couldn't change the WG name.

This still isn't secure against a good hacker. The only sure way is to get a more expensive router that will provide isolation between users, but you're going to spend $200+ for this kind of router.

Bob

Reply to
Bob Smith

Thanks Bob,

I will try and update..

Bob Smith wrote:

Reply to
nchekka

Generally you can't. Most SoHo routers (small office, home office) have a single switch. That switch usually does not have any sort of VLAN or other segmenting features. It's usually just "one switch". Thus you can't partition the traffic.

Your only easy solution would be to just get two more routers. Put each of them behind the main router and leave their firewalls enabled. That'll work for nearly all typical online traffic. Just pick up two low-end routers.

-Bill Kearney

Reply to
Bill Kearney
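Added example, not part of any post in this thread: a small Python model of the layout described in the post above (two low-end NAT routers behind the main router), with constructed addresses, host names and a hypothetical `printer` on the main router's LAN. It goes slightly beyond the post by also checking two caveats of that layout: a port forward on one inner router, and any device plugged into the main router, are reachable from both groups.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class InnerRouter:
    wan_ip: str   # address this router holds on the main router's LAN
    lan: str      # private subnet behind this router
    forwards: dict = field(default_factory=dict)  # WAN port -> (host ip, port)

# Constructed address plan (an assumption, not taken from the thread).
ROUTERS = {
    "AB": InnerRouter("192.168.0.2", "192.168.1.0/24"),
    "CD": InnerRouter("192.168.0.3", "192.168.2.0/24"),
}
HOSTS = {"A": "192.168.1.10", "B": "192.168.1.11",
         "C": "192.168.2.10", "D": "192.168.2.11",
         "printer": "192.168.0.50"}  # plugged straight into the main router

def segment(ip):
    """Name of the inner LAN holding ip, or 'upstream' for everything else."""
    addr = ipaddress.ip_address(ip)
    for name, router in ROUTERS.items():
        if addr in ipaddress.ip_network(router.lan):
            return name
    return "upstream"

def deliver(src_ip, dst_ip, port):
    """Return the (ip, port) that receives a new connection, or None if dropped."""
    src_seg = segment(src_ip)
    for name, router in ROUTERS.items():
        if dst_ip == router.wan_ip and name != src_seg:
            return router.forwards.get(port)  # unsolicited inbound: forward or drop
    dst_seg = segment(dst_ip)
    if dst_seg == src_seg or dst_seg == "upstream":
        return (dst_ip, port)  # same switch, or outbound through the sender's NAT
    return None                # private LAN behind another NAT: no route to it

def can_reach(src, dst, port=445):
    """Can src end up connected to dst's port (445 = SMB file sharing)?"""
    want = (HOSTS[dst], port)
    tried = [HOSTS[dst]] + [r.wan_ip for r in ROUTERS.values()]
    return any(deliver(HOSTS[src], ip, port) == want for ip in tried)

if __name__ == "__main__":
    for s in HOSTS:
        print(s, "->", [d for d in HOSTS if d != s and can_reach(s, d)])
```
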

On Mon, 6 Nov 2006 17:17:12 -0500, "Bill Kearney" wrote:

The problem with that is the wireless clients will be on "double NAT", which can cause problems. That's why I recommended wireless access points isolated by a capable wired router.

Reply to
John Navas

Which really isn't much of a problem. I've run several setups behind two layers of NAT routing and it's been quite workable. Everything any normal users are going to want to accomplish is going to work. I've tried a whole range of tools from IM to Skype and they work without incident. Yes, there are some things like inbound VPN, VoIP and ssh (to name a few) that might require port programming. But I've configured ports for those forwarded from the outside NAT through the inside NAT and they likewise worked just fine.

Now if they wanted to get into a fancier setup for inbound traffic then they'd be better served moving up to a "real" router like any number of the Cisco offerings. Higher-end routers would allow them to set up VLANs across the switch ports on a single router and isolate traffic that way. But that won't come without the added cost of the router AND the experience necessary to get the various ACLs programmed.

So if all the original poster wants to do is set up the A/B networks separate from each other, and just wants to use regular web and e-mail sort of applications, they'd be perfectly fine using a double NAT setup. Experience shows it works.

Reply to
Bill Kearney

On Wed, 8 Nov 2006 10:42:59 -0500, "Bill Kearney" wrote:

For you. I've had to remove double NAT for some of my clients and friends that ran into problems. I personally don't think it's worth the risk and grief. As I wrote, double NAT can be avoided with two bargain APs behind a suitable wired router, much cheaper than a Cisco offering. Or with two bargain wireless routers and a switch/hub if the ISP will provide two external IP addresses.

Reply to
John Navas

Risk? Grief? That's just bullshit and hype. It works. More than well enough for most typical home users. It's indeed true that a business situation /might/ need more. Most, however, won't unless they're hosting their own services inside their network.

Reply to
Bill Kearney
