Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

Network design issue for small office setup. Issue relates to wireless access point and DHCP settings.

I am setting up a small office set up for a Charity and have almost finished but have come across an issue with adding a wireless access point.

The Curent Set-Up

The internet ---> Cable Modem -------> Netgear RP11 Websafe Router  ---------> Ethernet card 1 on a SBS2003 Server ||| Ethernet Card 2 on the SBS2003 Server -------> the rest of the office.

This set up works well. Router has an internal address of 192.168.0.1 . Server has 192.168.0.2 and is the DHCP server for the offfice. The router passes all request for ports 0 to 1000 through to 10.168.0.2

Requirement:

To add a wireless access point so laptop users can get access to the internet but not the office network. To do this I added a LinkSys WAP 11 by a cable to the Netgear router. Now the issue is I don't know what DHCP setting I need to make on the Wireless access point to make it all work. I can plug my laptop via an ethernet cable to the Netgear router, give my laptop a static IP and it will get out to the internet. If i give the WAP 11 a static IP and then my laptop a different static IP and try to connect my laptop wirelessly through the WAP 11 then it won't work. The laptop is connecting to the WAP 11 ok. I have tried getting the WAP 11 to be the DHCp sever but that doesn't work either. I do not want to make the netgear router the DHCP sever as that will break the SBS2003 server.

What setting should I be using for the Wireless Acess point. Should I bin the WAp11 and try a different model.

Feel free to ask more questions.

0
sb5917
Asked:
sb5917
  • 9
  • 4
  • 2
  • +1
2 Solutions
 
Jay_Jay70Commented:
Hi sb5917,

you need to set your Access Point to allow DHCP Relay - most of them have this option, it then relays DHCP from an existing server in your case, your SBS server
0
 
Keith AlabasterCommented:
Lets take a step back here.

Adding dhcp to the netgear will not cause you an issue assuming you set the start address of the dhcp scope above those already statically assigned;  192.168.0.10 to 192.168.0.50 for example. As the server has a static of 192.168.0.2, this will not cause any issues.

Now you can follow Jay_Jay's suggestion and enable dhcp relay. This lets the WAP device forward on DHCP requests which should be answered by your Netgear.

0
 
Jay_Jay70Commented:
is the netgear providing DHCP or is the server providing DHCP? i thought it was the server
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
Keith AlabasterCommented:
It is currently the SBS server but the Asker was not comfortable enabling it on the Netgear.
0
 
TheCleanerCommented:
Requirement:

To add a wireless access point so laptop users can get access to the internet but not the office network.
-------------------------------------------------------------------------------------------------------------------------

1)  I'm really confused by the statement that you are allowing all ports 0-1000 INTO your network...that's not smart.  Why do that?

but I digress.

For that WAP to be a guest access AP separate from your local network I would think you would need a way to have it on a separate subnet overall, but that would require a separate gateway IP, either on the existing router, or an additional router.

regardless of the way DHCP is handled, if you give wireless clients an IP on the 192.168.0.x range and a gateway IP of 192.168.0.1, then those clients WILL be on the local office network.
0
 
Keith AlabasterCommented:
Its sometimes easier.... As SBS comes with ISA server it is easier to let ISA just deal with it:)
0
 
sb5917Author Commented:
Digression - the ports 0 -1000 are not open just the usual ones 80,443etc.. The Netgear Router is just set to forward on any trafic to the server.

The server is the DHCP server.

If we go back to the requirement "To add a wireless access point so laptop users can get access to the internet but not the office network"

I was under the impresion that if I add the WAP to the router rather than to the office network then this would mean the office network was more secure as any wireless client would have to come through the SBS firewall. Is this flawed logic? The WAP doesn't have DHCP relay on it that I can see. I could change Router to be the DHCP server but not being an experienced sys admin I am worried that this might break everything.
0
 
Keith AlabasterCommented:
I refer you to my answer above. Not quite sure what else we can tell you.
0
 
TheCleanerCommented:
Keith's comment about ISA being on the server is true, and he's the ISA expert, but I was under the impression that it would end up bypassing the firewall because it's on the same local "LAN segment" based on it's IP addresses it's giving to clients, etc.

So I guess what Keith is stating is that in essence it becomes 2 separate Lan's with the same subnet info, and if they "try" to come back through the external NIC on the SBS server that it considers it "external traffic" and will block it from coming in.
0
 
Keith AlabasterCommented:
Hello Cleaner.

Think of it this way (regardless of ISA actually but assuming ISA is there as well its perfect).

                                     Internet
                                          |
                                          |
                                      Netgear(static IP but runs dhcp starting above static entries already issued)
                                          |
                                    ----------------------------------WAP ---- Wireless clients on a workgroup/standalone
                                   |
                       SBS External NIC (static IP)
                                   |--SBS server with either isa2000/2004
                       SBS Internal NIC (with DHCP set for internal NIC only)
                                   |
               ----- Internal LAN & Clients----

Anyway, said my bit.
0
 
TheCleanerCommented:
Yep, makes perfect sense of course.

I wasn't paying much attention to the dual-homed nature of the server, and treating it as a single NIC on the SBS server at first.
0
 
Keith AlabasterCommented:
:)
0
 
sb5917Author Commented:
Ok I'll have a go at that. Can someone point me in the direction of how to do this bit though:

SBS Internal NIC (with DHCP set for internal NIC only).

Many Thanks

Simon

0
 
TheCleanerCommented:
I personally would set static IP info on both server NICs.  I wouldn't mess with DHCP on the server itself.
0
 
Keith AlabasterCommented:
Exactly :)
0
 
Keith AlabasterCommented:
Simon, in the dhcp service, you will see that you can assign the scope to a particulat card?
0
 
Keith AlabasterCommented:
ie Right-click the dhcp server and select properties - bindings in the dhcp manager
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 9
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now