Solved

Best way to setup Wireless Network for both employees and guests

Posted on 2008-10-01
8
667 Views
Last Modified: 2013-11-12
We have a client that wants us to install a wireless network for them. They will only need 2 or 3 access points to cover the entire building.

I would like to set them up to have 2 SSIDs, one for guests and one for employees.  I would like for the employee one to have access to everything and for the guest one to limit traffic to only the internet.

Question: what is the best way to accomplish this? I am sure that there are many expensive systems out there to handle this sort of thing, but I would like to try to find a cost-effective way to handle this (I would like to not spend more than $1500 if possible).

Also, I would like to do it using Cisco equipment although I am open to other vendor suggestions.

THANKS!
0
Question by:AutomatedIT
8 Comments
 
LVL 7

Expert Comment

by:aboredman
ID: 22618717
What services are available on the network?
Does your customer use Active Directory?
0
 
LVL 1

Author Comment

by:AutomatedIT
ID: 22618738
They have a Microsoft network with Active Directory (Windows Server 2003).

They also have Exchange, network printers, and shared files.

0
 
LVL 11

Accepted Solution

by:
billwharton earned 500 total points
ID: 22618760
Simply trunk the access point to the switch using a trunk port so that it can pass two different VLANs. Each SSID translates to a VLAN on the switch and the traffic is kept separate. Next, apply ACLs on the guest VLAN to prevent them access to your internal network and only allow traffic to the internet. Most wireless vendors allow this kind of design.
0

 
LVL 7

Expert Comment

by:aboredman
ID: 22618795
Well, depending on the security level you need, if the guests are not members of the same domain (or of a trusted domain) and your AD security is set right (no permission to EVERYONE), they won't have access to anything.

Exchange, shares, printers and the network should require AD credentials to be accessed.
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22618820
You are not going to find a managed wireless solution, especially Cisco, for that price. The optimal solution would be a wireless LAN controller 2106 with three LWAPs, fed into your network, at which point you could use IAS from Active Directory to handle your users' authentication. Guest authentication could be open, or WPA2.
The poor man's solution would be to just buy some Linksys wireless APs and put them in your network for your users. The newer ones still support using RADIUS or IAS; stick those on the inside of your network for your authenticated users.
Stick another one in your DMZ switch to provide access to your guests; that limits your guests to a certain area.
0
 
LVL 3

Expert Comment

by:omic_admin
ID: 22619220
I agree with peralesa: a DMZ with two sets of networks for the wireless would be the safest bet. I've heard that VLANs can be bypassed if someone knows what they are doing to force the switches to abandon VLANs when there is a heavy load. Having a separate, parallel SSID that sits on the DMZ for guests would be best, as they would be outside the firewall, while the protected SSID would allow regular users. However, this would involve multiple cabling for the APs and double routers for each area you are covering.
0
 
LVL 6

Expert Comment

by:kavlins
ID: 22619406
Create 2 VLANs, 1 for guests and another for internal users.

1) Create access lists on the guest VLAN to restrict access to the internal network.

This way you avoid spending money on buying expensive equipment.
0
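The guest-VLAN ACL that billwharton's accepted answer and kavlins' comment both describe depends on rule order, so here is an added example (not from any poster in this thread) that parses a small ACL written in Cisco extended-ACL syntax and evaluates it first-match against sample flows. The addressing, the internal DNS exception and all function names are assumptions made for illustration; only the `permit|deny proto src dst [eq port]` subset is modelled, and DHCP is not.

```python
import ipaddress

# Constructed guest-VLAN ACL, Cisco extended-ACL syntax (assumed addressing:
# guests 192.168.50.0/24, internal DNS 10.0.0.10, internal nets = RFC 1918).
GUEST_ACL = """\
permit udp 192.168.50.0 0.0.0.255 host 10.0.0.10 eq 53
deny ip 192.168.50.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.50.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 192.168.50.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.50.0 0.0.0.255 any
"""
# Same rules with the broad permit moved to the top: an ordering mistake.
MISORDERED = "\n".join(GUEST_ACL.splitlines()[-1:] + GUEST_ACL.splitlines()[:-1])
# Constructed flows from one guest client: (proto, src, dst, dst port).
FLOWS = [
    ("tcp", "192.168.50.23", "10.0.0.20", 445),     # internal file share
    ("tcp", "192.168.50.23", "10.0.0.25", 25),      # internal Exchange (SMTP)
    ("tcp", "192.168.50.23", "10.0.0.30", 9100),    # internal network printer
    ("udp", "192.168.50.23", "10.0.0.10", 53),      # allowed DNS exception
    ("tcp", "192.168.50.23", "203.0.113.80", 443),  # internet host
]

def parse_addr(tok, i):
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2  # wildcard mask

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        src, i = parse_addr(tok, 2)
        dst, i = parse_addr(tok, i)
        port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
        rules.append((tok[0], tok[1], src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    # First matching rule wins; falling off the end is the implicit deny.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action
    return "deny"

def verdicts(acl_text):
    return [evaluate(parse_acl(acl_text), *f) for f in FLOWS]
```

`verdicts(GUEST_ACL)` denies the three internal flows and permits DNS and the internet host, while `verdicts(MISORDERED)` permits all five, which is the check worth running before the ACL is applied to the guest VLAN interface.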
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22619740
I recommend the Cisco Aironet 1130 series. Check out the datasheet section for more info.

http://www.cisco.com/en/US/products/ps6087/index.html

These are enterprise-class APs and support VLANs, wireless VLANs, PoE, multiple SSIDs, and full public/private separation. They even have a feature called AP isolation that prevents computers on the public WVLAN from accessing each other, thus mitigating your legal risk of having attacks occur through your wireless.
You can also authenticate against LDAP (MS AD), RADIUS, or TACACS+.

These devices are very good, and generally go for about $500 USD each.
Please let me know if you have any questions!
0


Question has a verified solution.
