Wireless Access to Customers

Posted on 2006-05-31
Last Modified: 2010-03-19
We have internet access through our LAN, so we want to give customers access to the internet using our connection via wireless connectivity. However, we don't want them to be able to see, ping or do anything except get out on the internet. What is the easiest way to achieve this? We are using a US Robotics AP.

Question by:geohix
    LVL 87

    Accepted Solution

    Use a separate network segment for the access point which is outside your normal LAN.
    LVL 5

    Assisted Solution

    VLANs and access-lists are one way.

    With my former employer, the public had wireless access that was on a separate VLAN. We used a Cisco 3560 POE switch dedicated for the public use. We used VLAN trunking to an interface on our router that blocked access via access-list from that subnet to our internal network.

    Internal Network Switch -------------- Router ----------- ISP
                                             |
    Public Access Switch --------------------|

    The access-lists as well as the lack of routes directing traffic from the network to the network prevented access to our internal network.

    We were on a limited budget and I am certain that there are a dozen better ways to do this. But, this was effective and relatively inexpensive.
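An added example, not part of the original answer or any poster's configuration: a small first-match evaluator for Cisco-style extended access-list lines that audits whether a guest subnet is blocked from internal hosts while still reaching the internet. The subnets (172.16.50.0/24 guest, 10.10.0.0/16 internal), the sample ACLs and all function names are assumptions made for illustration; it models only `ip` rules with wildcard masks.

```python
import ipaddress

# Constructed sample ACLs (assumed: guest 172.16.50.0/24, internal 10.10.0.0/16).
GOOD = """deny ip 172.16.50.0 0.0.0.255 10.10.0.0 0.0.255.255
permit ip 172.16.50.0 0.0.0.255 any"""
# Same lines in the wrong order: the permit matches first, the deny never fires.
BAD_ORDER = """permit ip 172.16.50.0 0.0.0.255 any
deny ip 172.16.50.0 0.0.0.255 10.10.0.0 0.0.255.255"""

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def _spec(tokens):
    """Consume one address spec; return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, _proto = tokens.pop(0), tokens.pop(0)  # protocol is not modelled
        rules.append((action, _spec(tokens), _spec(tokens)))
    return rules

def _hit(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((_ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def decide(rules, src, dst):
    """First matching rule wins; every ACL ends with an implicit deny."""
    for action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

def audit(rules, guest_host, internal_hosts, internet_host):
    """Return a list of problems found for one guest source address."""
    problems = [f"guest can reach internal {h}" for h in internal_hosts
                if decide(rules, guest_host, h) == "permit"]
    if decide(rules, guest_host, internet_host) != "permit":
        problems.append("guest cannot reach the internet")
    return problems
```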
    LVL 5

    Expert Comment

    BTW. We used the Cisco 3560 POE switch because we did not have electrical outlets near our APs. The same results can be achieved with a much less expensive switch, i.e., an HP or NetGear.
    LVL 27

    Assisted Solution

    Easiest - parallel non-connected network mentioned by rindi - we do this with DSL lines.

    Medium security & complexity - Mad Jasper's solution. However, it could be broken with a VLAN flooding attack internally.

    Most complex, best security - 802.1x authentication with GRE tunneling to your Internet edge.
    LVL 3

    Assisted Solution

    Have you got a DMZ port off of your router? If you do, plug the AP into the DMZ port and forward all traffic from the AP to the Internet; don't allow it to come back inside.

    If you have more than 1 AP, configure the AP plugged into the router as the base AP and configure your other APs for a wireless backhaul to the base AP; this keeps the traffic off of your LAN.
