Network design issue for small office setup. Issue relates to wireless access point and DHCP settings.

I am setting up a small office set up for a Charity and have almost finished but have come across an issue with adding a wireless access point.

The Curent Set-Up

The internet ---> Cable Modem -------> Netgear RP11 Websafe Router  ---------> Ethernet card 1 on a SBS2003 Server ||| Ethernet Card 2 on the SBS2003 Server -------> the rest of the office.

This set up works well. Router has an internal address of 192.168.0.1 . Server has 192.168.0.2 and is the DHCP server for the offfice. The router passes all request for ports 0 to 1000 through to 10.168.0.2

Requirement:

To add a wireless access point so laptop users can get access to the internet but not the office network. To do this I added a LinkSys WAP 11 by a cable to the Netgear router. Now the issue is I don't know what DHCP setting I need to make on the Wireless access point to make it all work. I can plug my laptop via an ethernet cable to the Netgear router, give my laptop a static IP and it will get out to the internet. If i give the WAP 11 a static IP and then my laptop a different static IP and try to connect my laptop wirelessly through the WAP 11 then it won't work. The laptop is connecting to the WAP 11 ok. I have tried getting the WAP 11 to be the DHCp sever but that doesn't work either. I do not want to make the netgear router the DHCP sever as that will break the SBS2003 server.

What setting should I be using for the Wireless Acess point. Should I bin the WAp11 and try a different model.

Feel free to ask more questions.

sb5917Asked:
Who is Participating?
 
TheCleanerCommented:
I personally would set static IP info on both server NICs.  I wouldn't mess with DHCP on the server itself.
0
 
Jay_Jay70Commented:
Hi sb5917,

you need to set your Access Point to allow DHCP Relay - most of them have this option, it then relays DHCP from an existing server in your case, your SBS server
0
 
Keith AlabasterEnterprise ArchitectCommented:
Lets take a step back here.

Adding dhcp to the netgear will not cause you an issue assuming you set the start address of the dhcp scope above those already statically assigned;  192.168.0.10 to 192.168.0.50 for example. As the server has a static of 192.168.0.2, this will not cause any issues.

Now you can follow Jay_Jay's suggestion and enable dhcp relay. This lets the WAP device forward on DHCP requests which should be answered by your Netgear.

0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Jay_Jay70Commented:
is the netgear providing DHCP or is the server providing DHCP? i thought it was the server
0
 
Keith AlabasterEnterprise ArchitectCommented:
It is currently the SBS server but the Asker was not comfortable enabling it on the Netgear.
0
 
TheCleanerCommented:
Requirement:

To add a wireless access point so laptop users can get access to the internet but not the office network.
-------------------------------------------------------------------------------------------------------------------------

1)  I'm really confused by the statement that you are allowing all ports 0-1000 INTO your network...that's not smart.  Why do that?

but I digress.

For that WAP to be a guest access AP separate from your local network I would think you would need a way to have it on a separate subnet overall, but that would require a separate gateway IP, either on the existing router, or an additional router.

regardless of the way DHCP is handled, if you give wireless clients an IP on the 192.168.0.x range and a gateway IP of 192.168.0.1, then those clients WILL be on the local office network.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Its sometimes easier.... As SBS comes with ISA server it is easier to let ISA just deal with it:)
0
 
sb5917Author Commented:
Digression - the ports 0 -1000 are not open just the usual ones 80,443etc.. The Netgear Router is just set to forward on any trafic to the server.

The server is the DHCP server.

If we go back to the requirement "To add a wireless access point so laptop users can get access to the internet but not the office network"

I was under the impresion that if I add the WAP to the router rather than to the office network then this would mean the office network was more secure as any wireless client would have to come through the SBS firewall. Is this flawed logic? The WAP doesn't have DHCP relay on it that I can see. I could change Router to be the DHCP server but not being an experienced sys admin I am worried that this might break everything.
0
 
Keith AlabasterEnterprise ArchitectCommented:
I refer you to my answer above. Not quite sure what else we can tell you.
0
 
TheCleanerCommented:
Keith's comment about ISA being on the server is true, and he's the ISA expert, but I was under the impression that it would end up bypassing the firewall because it's on the same local "LAN segment" based on it's IP addresses it's giving to clients, etc.

So I guess what Keith is stating is that in essence it becomes 2 separate Lan's with the same subnet info, and if they "try" to come back through the external NIC on the SBS server that it considers it "external traffic" and will block it from coming in.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Hello Cleaner.

Think of it this way (regardless of ISA actually but assuming ISA is there as well its perfect).

                                     Internet
                                          |
                                          |
                                      Netgear(static IP but runs dhcp starting above static entries already issued)
                                          |
                                    ----------------------------------WAP ---- Wireless clients on a workgroup/standalone
                                   |
                       SBS External NIC (static IP)
                                   |--SBS server with either isa2000/2004
                       SBS Internal NIC (with DHCP set for internal NIC only)
                                   |
               ----- Internal LAN & Clients----

Anyway, said my bit.
0
 
TheCleanerCommented:
Yep, makes perfect sense of course.

I wasn't paying much attention to the dual-homed nature of the server, and treating it as a single NIC on the SBS server at first.
0
 
Keith AlabasterEnterprise ArchitectCommented:
:)
0
 
sb5917Author Commented:
Ok I'll have a go at that. Can someone point me in the direction of how to do this bit though:

SBS Internal NIC (with DHCP set for internal NIC only).

Many Thanks

Simon

0
 
Keith AlabasterEnterprise ArchitectCommented:
Exactly :)
0
 
Keith AlabasterEnterprise ArchitectCommented:
Simon, in the dhcp service, you will see that you can assign the scope to a particulat card?
0
 
Keith AlabasterEnterprise ArchitectCommented:
ie Right-click the dhcp server and select properties - bindings in the dhcp manager
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.