Public & Staff Intergrated Wireless Network

Is it possible to deploy a wireless network throughout a building with the following conditions:

1. Public should be able to access the wireless network without encryption
2. Only allow the public to access the gateway (to the Internet)
3. Allow the staff to connect using encryption
4. Allow the staff to access the Internal network

Our facility covers a city block and has two floors. Deploying to seperate wireless networks would be a waste of money, a headache to configure and possibly impossible with the limited number of channels. I would hope there's an access point that can handle a dual mode setup like this and either routing trafficing using a VLAN or even routing traffic through seperate RJ45 connectors on the access point.

PoE (Power over Ethernet) would be a hugh plus as well. If I can find an access point that allows for this dual connections, PoE, and VLAN channeling I think I can make this project work. Otherwise I'm not sure exactly what to do. We need to allow the public the Internet while protecting our internal servers.


LVL 3
CubeRootAsked:
Who is Participating?
 
JohnjcesConnect With a Mentor Commented:
I use multiple D-Link DWL-3200AP APs and these APs can provide up to four (4) additional SSIDs which will include VLAN and Guest support.

"the DWL-3200AP supports VLAN tagging to provide internal and guest network access options..."

Here's a link...

http://www.dlink.com/products/?pid=396

John


0
 
JohnjcesCommented:
I forgot to mention, they are POE and come with adapters and power supply if not plugging into a POE switch.

They have been rock solid for several years in our hotel guest environment.

John
0
 
PugglewuggleConnect With a Mentor Commented:
I recommend the Cisco Aironet 1130 series. Check out the datasheet section for more info.
http://www.cisco.com/en/US/products/ps6087/index.html 
These are enterprise class APs and support VLANs, wireless VLANs, POE, Muliple SSIDs, and full public/private separation. They even have a feature called AP isolation that prevents computers on the public WVLAN from accessing each other, thus mitigating your legal risk of having attacks occur through your wireless.
These devices are very good.
One other thing you might consider - if your network covers a city block you're obviously going to be maintaining and securing multiple access points. I recommend using a WLAN controller. These can be pricey, let you centrally manage your WLAN deployment, configs, and security. You can even integrate an IPS solution with the WLAN controller if you'd like.
http://www.cisco.com/en/US/products/ps6302/Products_Sub_Category_Home.html
Please try to keep vendors the same... but I think you already know that. :-)
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
CubeRootAuthor Commented:
thank you all for the quick responses. I asked a vendor to workup a Cisco solution but haven't seen anything back yet and am starting to think they forgot about me. I happened across the DWL-3200AP earlier today but didn't realize that has all the features I'm looking for. I figured I would need a switch that supports PoE so I guess I'll need to investigate that as well.
 
I read ..and by read I mean..a single line about WLAN Controllers. Sounds like I need to learn a little more about these as well.
I'm calculating that I'll need to deploy 8-9 access points to cover all the important parts of the building. I'll start reading up on the dlink and cisco solutions right away.
 
0
 
PugglewuggleCommented:
Yes, if you have that big of an area you are managing a WLAN controller is a wise investment. It might cost more starting out, but the added security and management capabilities will save you thousands per year in management and maintenance man hours, not to mention the added security preventing a possible intrusion and theft of data.
The D-link boxes are nice, but I would not consider then enterprise grade by any means. Additionally, the Cisco APs have the ability to authenticate with a remote authentication server for security if you have one.
Again, I highly recommend getting the Cisco ones because of their advanced security features (which as you know are necessary).
If you only need 9 access points then I recommend the Cisco 2112 WLAN controller. It supports up to 12 APs. You might consider the next model up if you ever plan on adding more. Also, Cisco makes WLAN controllers that can fit in a slot of a 6500 switch if you have one of those around.
http://www.cisco.com/en/US/products/ps9818/index.html
Again, try to make sure the vendor is the same on all the equipment - it makes things easier to setup and prevents trouble down the road.
0
 
JohnjcesCommented:
"I figured I would need a switch that supports POE so I guess I'll need to investigate that as well. "...

The D-Links  come with POE adapters so you really do not need a POE switch. Plug the adpater in, plug the power in then plug a cable form your switch and "call it a day"!

John
0
 
PugglewuggleCommented:
You can use the DWL-3200AP with either the included POE injector or with a POE switch. If you have POE switches available I recommend you use them instead - having 9 POE injectors with a separate power adapter, power cord, and two CAT5 cables attached to them can be more than a little messy. :)
You can get POE injectors for the Cisco APs but same as the other - it's best to use a switch if you can to avoid complications and a tangle of cables.
0
 
JohnjcesCommented:
"...having 9 POE injectors with a separate power adapter, power cord, and two CAT5 cables attached to them can be more than a little messy".

I concur form one who knows! It is an octopus! Cost of a POE switch kept me from it anyway.

John
0
 
PugglewuggleCommented:
If you don't have a POE switch you can get a good 24-port one for under $300. :-P
0
 
CubeRootAuthor Commented:
I gave a good look at the D-Link equipment and it would surely do what I need but since I have  a fixed budget for this project and the Cisco equipment is very nice I'm decided to got with the Cisco Aironet 1252 (802.11g & 802.11n draft). They are also upgradable and have some other nice features. Currently debating cusing the Cisco Switch CAT3560.
0
 
CubeRootAuthor Commented:
Thank you for the help. I'm running the proposal past upper administration today.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.