Solved

Dedicated DHCP Address

Posted on 2007-11-22
8
845 Views
Last Modified: 2012-06-21
We have been "told" to setup a "client" Wireless Access point so visitors can be given  the  "password" and have internet access when in the office.

We have attached a Netgear WN802T to the network which people can connect to without any problems.

The problem,

When a visitor connects they are givern a IP address from the companies DHCP servers.  These
address do not have internet access as we use a proxy server and only certain IP's have external firewalls access. I need a way of ensuring the Access Point gives out a certain range of IP's via DHCP that can be allowed direst internet access.

Thankyou in advance

0
Comment
Question by:SGPIT
  • 4
  • 2
8 Comments
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 20334079
You should be able to set up your wireless access point with NAT. That's Network Address Translation. Most current access points have this capability and will have their own internal DHCP server. You can have this server give out addresses on a private subnet just to be used for your wireless users that connect to that access point. Then all traffic coming from that access point to your companies network would appear to be coming from the same IP Address, but the NAT router in the Access Point keep control of making sure that the right information is returned to the right session.

If all of the traffic appears to be coming from the one IP Address, then it's easy enough on your network to create a rule that allows that one address to get through to the Internet.

In this configuration, you would assign the AP a specific address that you would configure on the company firewall to allow access. Then enable the NAT configuration on the AP, and assign a new range of addresses on the AP's DHCP server to assign only to wireless clients.
0
 

Author Comment

by:SGPIT
ID: 20334128
"You should be able to set up your wireless access point with NAT"

Not on the WN802T, its purely a "access point only" (as I understand).

2will have their own internal DHCP server"

No internal DHCP Server, hence the problem.  It passes the requests to the internal DHCP Servers without a problem but "unless I know" the visitors mac address then they fail to get internat access.



0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 20337087
Then I'm sorry. You might want to go back to the people that gave you those requirements and ask them to pay another 40-50 dollars for an access point that can do NAT translations.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 4

Expert Comment

by:wally2k7
ID: 20357396
Can you not connect the access point to the outside world directly, I assume all they need is the internet not internal lan connection. That would still pose a problem on the DNCP side however. A wireless router to replace your current access point. Bypass the network completely and connect straight into your external internet connection. That should do the triclk, ?? :-S maybe.

Am I going anywhere near the right direction??

Regards, Rich
0
 

Author Comment

by:SGPIT
ID: 20358055
"Can you not connect the access point to the outside world directly, I assume all they need is the internet not internal lan connection. "

The access point are used for internal and external access.  Depending on their assigned IP the firewall then allows/dis-allows internet access.

Is there a "cost effective" acces spoint that has "inbuilt" dhcp.

Thankyou
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 20359173
"Is there a "cost effective" acces spoint that has "inbuilt" dhcp"

Yes... very cost effective. Check out Linksys, Dlink, Motorola...
I have a few Linksys BEFSR41's. They have a 4 port switch as well as the wireless connectivity. One port is used for connecting to your LAN. Then the router provides Network Address Translation (NAT) and built-in DHCP. The addresses given out are on their own private subnet (192.168.1.x) and the gateway and DNS information are automatically sent to the clients. The LAN side can be set static, so your firewall configuration can be set up so that clients that come from that source address automatically get the proper access to the Internet.

The BEFSR41 is only 802.11b, so it only supports 11Mbits. I wouldn't suggest that to anyone now. Instead check out the WRT54G which is 802.11g. Here's some information I copied from the product info page at Best Buy (where the unit costs only $69.99).

Product Features:
- Wireless-G networking (54g) allows stepped-up data transfer speeds while maintaining worry-free compatibility with 802.11b networks
- Up to 54 Mbps data transfer rates — almost 5 times more than typical 802.11b rates
- 2.4GHz wireless frequency (802.11g- and 802.11b-compliant)
- Compatible with 802.11b networks (at 11 Mbps)
- Share high-speed broadband Internet access plus files and printers among multiple computers, with or without wires
- Built-in 4-port 10/100 Ethernet switch with auto speed sensing
- Capable of up to 128-bit WEP (Wired Equivalent Privacy) encryption
- Advanced security with NAT technology, VPN pass-through and MAC or IP address filtering
- Ability to act as DHCP (Dynamic Host Configuration Protocol) server for existing network (a new computer can be added to network without manually assigning it a unique IP address)
- Easy browser-based configuration utility


0
 
LVL 13

Accepted Solution

by:
dhoffman_98 earned 500 total points
ID: 20489549
Rindi,

I think more than enough sufficient information was provided to mark this as a force accept instead of abandoned.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Surface Pro 4 keyboard not responding 4 69
Public DNS? 10 112
DHCP lease duration / Migration 8 95
Cloud Migration Questions 8 103
Ever wondered why you had to use DHCP options (dhcp opt 60, 66 or 67) in order to use PXE? Well, you don't!
A Cisco router can be configured as a DHCP Server. There are advantages and disadvantages in making your Cisco router work as DHCP Server. Almost all the features for windows DHCP can be configured on Cisco-based DHCP server. Some of the features me…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question