I have a business wireless network and wired network. The wireless AP provides IP ranges in the 172.168.0.x range. The wired network runs on the 10.0.0.x range. I need to be able to allow certain or all clients on the 172.168.0.x range to access files and printers on the 10.0.0.x range. I have two options, one is a USR 8054 router, the other is the main SonicWall firewall/router.
The final object is to be able to let a client laptop, like a visitor, access the printer and a few selec files on the network server. Any help on this would be greatly appreciated.
I think you cannot do it. You must have the IP(s) in the same range like
172.168.0.x and the same Subnet Mask like 255.255.255.0 for them to share resources. For more control of your network, I go with that Sonic Wall. The second thing if it were me is that I would never have a wireless solution in the trusted zone not in a business situation.
Thanks for your input. I haven't yet been able to get it to work. I have changed the wireless ip range to 10.0.1.x to make it a little easier, and dropped the subnet mask to 255.255.254.0, but I am still having problems. Anyone have a suggestion on how to set up the routing using a USR 8054 A/P Router? Or on what the subnet should be?
David, any suggestions on further security? I currently have the access point set with WEP encription, 128 bit, as the clients won't always handle 256, open system, MAC address control, and for when the WL isn't used, the AP doesn't broadcast the SID. Any suggestions for further security would be welcome.
Sure it can work, just needs to be able to route IP traffic between the two networks. There's no restriction on IP addressing as long as you can route the SMB packets between the machines. This is no different from any other subnetted network sharing files.
Nothing wrong with that if it's secured properly. Plenty of people do it securely, granted lots don't.
It's a common issue with Sonicwall products, which offers isolated wired and wireless "zones". I've done it with a TZ170 wireless router by tweaking the wireless zones configuration with static routes to the printers. The static route should have given the wireless users a small block of IP address in the 172.168.0.xxx range that will map to equivalent addresses in the 10.0.0.xxx range. All the experts I talked with, plus Sonicwall support, indicated that it should work. I never could get it to work. This was about 2 years ago, so you might wanna call Sonicwall to see if they now have a working setup.
I then kludged it by setting up a VPN between the wireless side and wired side. The client computer runs an IPSec VPN client (available from Sonicwall). The TZ170 terminates the VPN connection on the wired size (using zones again). That worked. Nobody liked that solution (too much work to click the VPN connection icon and setup the authentication).
So, I implimented another abomination. I plugged the shared printers into a Freesco Linux router with multiple WAN side interfaces. One card was a wireless client (WAP54G) while the other was wired ethernet. The printers were plugged into the parallel ports and one network port. I tinkered with the routeing rules until I had everything isolated and working. The clients used LPR/LPD for printing, which turned into somewhat of an ordeal for visitors wanting to print.
Then, they re-organize and the printers had to be moved to a non-central location. I gave up and setup seperate printers on the wired and wireless LAN's. It was cheaper to buy a new laser printer than to pay my exhorbitant consulting fees to make another kludge work.
One suspects that the first IP range is really 192.168.0.x, and neither that nor 10.x.x.x are supposed to be routeable addresses. It is _possible_ to route them but most routers won't, and they certainly shouldn't be routed on the open Internet.
That works as long as their routers will route those IPs to the WAN [1]. Afaict, Linksys either default or with Sveasoft firmware _won't_. I don't know about Ben's routers, but it's quite likely that if they can route private addresses, they're not configured to do so.
[1] Suddenly methinks there's the answer - the wired network does not _have_ to connect to the WAN side of the wireless router.
Internally, within an organisation, there should be no problem whatsoever. Remember, many organisations have been using the RFC1918 address ranges internally and they aren't all on the same subnet! :)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.