Solved

Best way to setup Wireless Network for both employees and guests

Posted on 2008-10-01
Last Modified: 2013-11-12
We have a client that wants us to install a wireless network for them. They will only need 2 or 3 access points to cover the entire building.

I would like to set them up to have 2 SSIDs, one for guests and one for employees.  I would like for the employee one to have access to everything and for the guest one to limit traffic to only the internet.

Question, what is the best way to accomplish this?  I am sure that there are many expensive systems out there to handle this sort of thing, but I would like to try to find a cost effective way to handle this (I would like to not spend more than $1500 if possible).

Also, I would like to do it using Cisco equipment although I am open to other vendor suggestions.

THANKS!
0
Question by:AutomatedIT
8 Comments
 
LVL 7

Expert Comment

by:aboredman
ID: 22618717
What services are available on the network?
Does your customer use Active Directory?
0
 
LVL 1

Author Comment

by:AutomatedIT
ID: 22618738
They have a Microsoft network with Active Directory (Windows Server 2003).

They also have Exchange, network printers, and shared files.

0
 
LVL 11

Accepted Solution

by:
billwharton earned 500 total points
ID: 22618760
Simply trunk the access point to the switch using a trunk port so that it can pass two different VLANs. Each SSID translates to a VLAN on the switch and the traffic is kept separate. Next, apply ACLs on the guest VLAN to prevent guests from accessing your internal network and only allow traffic to the internet. Most wireless vendors allow this kind of design.
0
 
LVL 7

Expert Comment

by:aboredman
ID: 22618795
Well, depending on the security level you need, if the guests are not members of the same domain (or of a trusted domain) and your AD security is set right (no permission to EVERYONE), they won't have access to anything.

Exchange, shares, printers and the network should require AD credentials to be accessed.
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22618820
You are not going to find a managed wireless solution, especially Cisco, for that price. The optimal solution would be a wireless LAN controller 2106 with three LWAPs, fed into your network, at which point you could use IAS from Active Directory to handle your users' authentication. Guest authentication could be open or WPA2.
The poor man's solution would be to just buy some Linksys wireless APs and put them in your network for your users; the newer ones still support using RADIUS or IAS. Stick those on the inside of your network for your authenticated users.
Stick another one in your DMZ switch to provide access to your guests; this limits your guests to a certain area.
0
 
LVL 3

Expert Comment

by:omic_admin
ID: 22619220
I agree with peralesa: a DMZ with two sets of networks for the wireless would be the safest bet. I've heard that VLANs can be bypassed if someone knows what they are doing to force the switches to abandon VLANs when there is a heavy load. Having a separate, parallel SSID that sits on the DMZ for guests would be best, as they would be outside the firewall, while the protected SSID would allow regular users. However, this would involve multiple cabling for the APs and double routers for each area you are covering.
0
 
LVL 6

Expert Comment

by:kavlins
ID: 22619406
Create 2 VLANs, 1 for guests and another for internal users.

1) Create access lists on the guest VLAN to restrict access to the internal network.

This way you avoid spending money on buying expensive equipment.
0
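
The accepted solution and the comment above both rely on an ACL on the guest VLAN. As an added example (not part of the thread, and not any poster's configuration), the Python below evaluates a constructed IOS-style extended ACL with first-match semantics against constructed flows, so the rule order can be checked before deployment. The addressing (guests on 192.168.20.0/24, gateway and DNS at 192.168.20.1), the ACL entries and all function names are assumptions; only destination-port `eq N` matches are handled.

```python
import ipaddress

# Constructed guest-VLAN ACL in Cisco IOS extended syntax. Assumed addressing: guests on
# 192.168.20.0/24, gateway/DNS at 192.168.20.1, internal networks in RFC 1918 space.
GUEST_ACL = """permit udp any any eq 67
permit udp 192.168.20.0 0.0.0.255 host 192.168.20.1 eq 53
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip 192.168.20.0 0.0.0.255 any"""
# Weak variant: the broad permit comes first, so the deny below it is never reached.
WEAK_ACL = "permit ip any any\ndeny ip any 10.0.0.0 0.255.255.255"
# Constructed flows: (name, proto, src, dst, dst port, expected verdict)
FLOWS = [
    ("dhcp discover", "udp", "0.0.0.0", "255.255.255.255", 67, "permit"),
    ("dns to gateway", "udp", "192.168.20.50", "192.168.20.1", 53, "permit"),
    ("guest to file server", "tcp", "192.168.20.50", "10.1.1.10", 445, "deny"),
    ("guest to internet", "tcp", "192.168.20.50", "203.0.113.80", 443, "permit"),
    ("spoofed source", "tcp", "10.1.1.99", "203.0.113.80", 443, "deny"),
]

def _addr(tok):  # pops any | host A | A WILDCARD, returns (base, wildcard) ints
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    a, w = (tok.pop(0), "0.0.0.0") if kind == "host" else (kind, tok.pop(0))
    return int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(w))

def parse_acl(text):  # entry format: action proto src dst [eq dst-port]
    rules = []
    for tok in map(str.split, text.splitlines()):
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        rules.append((action, proto, src, dst, int(tok[1]) if tok else None))
    return rules

def _match(spec, ip):  # spec = (base, wildcard); wildcard 1-bits mean "don't care"
    return ((int(ipaddress.IPv4Address(ip)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport):
    for action, rp, rs, rd, rport in rules:  # first matching entry wins
        if rp in ("ip", proto) and rport in (None, dport) and _match(rs, src) and _match(rd, dst):
            return action
    return "deny"  # every IOS ACL ends with an implicit deny

def audit(acl_text):
    """Return the names of the flows whose verdict differs from the expected one."""
    rules = parse_acl(acl_text)
    return [f[0] for f in FLOWS if evaluate(rules, *f[1:5]) != f[5]]
```

`audit(GUEST_ACL)` returns an empty list, while `audit(WEAK_ACL)` names the flows that the misordered ACL lets through.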
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22619740
I recommend the Cisco Aironet 1130 series. Check out the datasheet section for more info.

http://www.cisco.com/en/US/products/ps6087/index.html

These are enterprise-class APs and support VLANs, wireless VLANs, PoE, multiple SSIDs, and full public/private separation. They even have a feature called AP isolation that prevents computers on the public WVLAN from accessing each other, thus mitigating your legal risk of having attacks occur through your wireless.
You can also authenticate against LDAP (MS AD), RADIUS, or TACACS+.

These devices are very good and generally go for about $500 USD each.
Please let me know if you have any questions!
0

Question has a verified solution.