Solved

Public & Staff Intergrated Wireless Network

Posted on 2008-10-01
11
425 Views
Last Modified: 2010-04-21
Is it possible to deploy a wireless network throughout a building with the following conditions:

1. Public should be able to access the wireless network without encryption
2. Only allow the public to access the gateway (to the Internet)
3. Allow the staff to connect using encryption
4. Allow the staff to access the Internal network

Our facility covers a city block and has two floors. Deploying to seperate wireless networks would be a waste of money, a headache to configure and possibly impossible with the limited number of channels. I would hope there's an access point that can handle a dual mode setup like this and either routing trafficing using a VLAN or even routing traffic through seperate RJ45 connectors on the access point.

PoE (Power over Ethernet) would be a hugh plus as well. If I can find an access point that allows for this dual connections, PoE, and VLAN channeling I think I can make this project work. Otherwise I'm not sure exactly what to do. We need to allow the public the Internet while protecting our internal servers.


0
Comment
Question by:CubeRoot
  • 4
  • 4
  • 3
11 Comments
 
LVL 18

Accepted Solution

by:
Johnjces earned 250 total points
ID: 22617349
I use multiple D-Link DWL-3200AP APs and these APs can provide up to four (4) additional SSIDs which will include VLAN and Guest support.

"the DWL-3200AP supports VLAN tagging to provide internal and guest network access options..."

Here's a link...

http://www.dlink.com/products/?pid=396

John


0
 
LVL 18

Expert Comment

by:Johnjces
ID: 22617384
I forgot to mention, they are POE and come with adapters and power supply if not plugging into a POE switch.

They have been rock solid for several years in our hotel guest environment.

John
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 250 total points
ID: 22617700
I recommend the Cisco Aironet 1130 series. Check out the datasheet section for more info.
http://www.cisco.com/en/US/products/ps6087/index.html
These are enterprise class APs and support VLANs, wireless VLANs, POE, Muliple SSIDs, and full public/private separation. They even have a feature called AP isolation that prevents computers on the public WVLAN from accessing each other, thus mitigating your legal risk of having attacks occur through your wireless.
These devices are very good.
One other thing you might consider - if your network covers a city block you're obviously going to be maintaining and securing multiple access points. I recommend using a WLAN controller. These can be pricey, let you centrally manage your WLAN deployment, configs, and security. You can even integrate an IPS solution with the WLAN controller if you'd like.
http://www.cisco.com/en/US/products/ps6302/Products_Sub_Category_Home.html
Please try to keep vendors the same... but I think you already know that. :-)
0
 
LVL 3

Author Comment

by:CubeRoot
ID: 22618364
thank you all for the quick responses. I asked a vendor to workup a Cisco solution but haven't seen anything back yet and am starting to think they forgot about me. I happened across the DWL-3200AP earlier today but didn't realize that has all the features I'm looking for. I figured I would need a switch that supports PoE so I guess I'll need to investigate that as well.
 
I read ..and by read I mean..a single line about WLAN Controllers. Sounds like I need to learn a little more about these as well.
I'm calculating that I'll need to deploy 8-9 access points to cover all the important parts of the building. I'll start reading up on the dlink and cisco solutions right away.
 
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22618496
Yes, if you have that big of an area you are managing a WLAN controller is a wise investment. It might cost more starting out, but the added security and management capabilities will save you thousands per year in management and maintenance man hours, not to mention the added security preventing a possible intrusion and theft of data.
The D-link boxes are nice, but I would not consider then enterprise grade by any means. Additionally, the Cisco APs have the ability to authenticate with a remote authentication server for security if you have one.
Again, I highly recommend getting the Cisco ones because of their advanced security features (which as you know are necessary).
If you only need 9 access points then I recommend the Cisco 2112 WLAN controller. It supports up to 12 APs. You might consider the next model up if you ever plan on adding more. Also, Cisco makes WLAN controllers that can fit in a slot of a 6500 switch if you have one of those around.
http://www.cisco.com/en/US/products/ps9818/index.html
Again, try to make sure the vendor is the same on all the equipment - it makes things easier to setup and prevents trouble down the road.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 18

Expert Comment

by:Johnjces
ID: 22619203
"I figured I would need a switch that supports POE so I guess I'll need to investigate that as well. "...

The D-Links  come with POE adapters so you really do not need a POE switch. Plug the adpater in, plug the power in then plug a cable form your switch and "call it a day"!

John
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22619389
You can use the DWL-3200AP with either the included POE injector or with a POE switch. If you have POE switches available I recommend you use them instead - having 9 POE injectors with a separate power adapter, power cord, and two CAT5 cables attached to them can be more than a little messy. :)
You can get POE injectors for the Cisco APs but same as the other - it's best to use a switch if you can to avoid complications and a tangle of cables.
0
 
LVL 18

Expert Comment

by:Johnjces
ID: 22619430
"...having 9 POE injectors with a separate power adapter, power cord, and two CAT5 cables attached to them can be more than a little messy".

I concur form one who knows! It is an octopus! Cost of a POE switch kept me from it anyway.

John
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22619558
If you don't have a POE switch you can get a good 24-port one for under $300. :-P
0
 
LVL 3

Author Comment

by:CubeRoot
ID: 22668911
I gave a good look at the D-Link equipment and it would surely do what I need but since I have  a fixed budget for this project and the Cisco equipment is very nice I'm decided to got with the Cisco Aironet 1252 (802.11g & 802.11n draft). They are also upgradable and have some other nice features. Currently debating cusing the Cisco Switch CAT3560.
0
 
LVL 3

Author Closing Comment

by:CubeRoot
ID: 31502081
Thank you for the help. I'm running the proposal past upper administration today.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now