Solved

How do I configure the switch to allow the wifi router through the network?

Posted on 2008-10-25
Last Modified: 2012-06-21
Hello Everyone,

Here's my dilemma: my company would like to give its clients access to the Internet through a Linksys WiFi router (WRT54G). I don't want to give them access to the corp. network for security reasons, but I would like them to be able to access the Internet. I'm looking for more of a pass-thru type of setup.

I'm a newbie to switch configuration. As mentioned, the switch I'm dealing with is a Netgear GS7245T. I'm not exactly sure where I need to add the IP address of the router to allow this type of access.

The router itself is set up and ready to go. I can connect to it wirelessly but can only gain access locally, as in the corp LAN.

If it helps, this is my setup:

wireless connection connected to a Cisco 2600
connected to a Cisco 1700
connected to a Netgear GS724T switch
Question by:chris_irvine
2 Comments
 
LVL 3

Accepted Solution

by:
pit1140 earned 500 total points
ID: 22804706
This is a common setup.

If you have more than one static IP address, you may buy a second WRT54G; you connect both to your uplink and use different subnets. Ask your provider to set the ports so that they do not see each other, too.

A better approach would be VLAN, see

http://en.wikipedia.org/wiki/VLAN

You may flash the firmware on the WRT54G to some open-source software. They may have a ready-to-go software solution for free, for example dd-wrt, open-wrt, tomato; see:

http://en.wikipedia.org/wiki/Linksys_WRT54G_series#Third-party_firmware_projects



 
LVL 23

Expert Comment

by:Mysidia
ID: 22804833
Is the Netgear plugged into a Cisco 1700 and the WRT54G plugged into the Netgear?

I think the goal should be to configure the Netgear as a VLAN switch.

Make sure the Netgear is equipped with recent firmware and has 802.1Q VLAN tagging capability.
Then create a new VLAN for the WRT54G, using an unused VLAN number, in the web UI and assign the switch port to the VLAN.

Next is the hard part... you need to provide a connection between the WRT54G and the 1700 or 2600 router that is connecting you to the Internet.

It is good if you can provide this routing on a device outside any internal firewalls.

You need a connection between an interface on the routing device and a port on the Netgear switch with access to the VLAN that the 54G is on.

If your router has many independently routable Ethernet interfaces (i.e. Ethernet0, Ethernet1, and Ethernet2/0), then you can run another cable between your router and the Netgear, and configure the new interface on the router with a different subnet (that the 54G is to use).

A better solution (which is not available on a normal 10-megabit Ethernet interface, only on FastEthernet): if both devices support 802.1Q VLAN tagging on the ports being plugged in on both sides, you can avoid the need to run extra wires for each new security domain.


What this means, if you are not using 802.1Q VLAN tagging already, is that you take down your Internet connection (make sure you can roll back all changes if at any step you determine you cannot proceed; depending on your exact hardware, there may be difficulties, i.e. back up all configs first):

Change the configuration on the router. Remove the IP addresses from the simple "FastEthernet0" or "FastEthernet0/0" interface, direct the router to use 802.1Q encapsulation on that interface, and then create a subinterface for each VLAN, i.e.

interface FastEthernet0
  ip address 10.0.0.1 255.255.255.0

becomes

interface FastEthernet0
  no ip address
interface FastEthernet0.1
  ! encapsulation must be set before IOS accepts an IP address on a subinterface
  encapsulation dot1Q 1 native
  ip address 10.0.0.1 255.255.255.0
  ! you essentially move the IP and much other logical config to this above interface
interface FastEthernet0.10
  encapsulation dot1Q 10
  ! a host address in the new subnet (10.1.0.0 is the network address)
  ip address 10.1.0.1 255.255.255.0

! This uses (for example) VLAN 1 as one network and VLAN 10 as another.


Then on the switch, change the port the router is plugged into from being a normal access port to being a VLAN tagged port, also sometimes called a trunk port (but Netgear may use the term 'trunk' to refer to something completely unrelated).

And set the default VLAN or native VLAN for the port on the Netgear side to match the VLAN you have chosen as being "NATIVE" on the router side of the 802.1Q link you created.

When you are successful, Internet connectivity for the rest of your hosts should work; you should be able to ping the Internet.

A laptop plugged into the port assigned to the "linksys" VLAN and assigned an IP in the proper subnet should be able to ping the VLAN interface on the router.

But it should not be able to ping other devices on your network, even if you change its IP to be in your normal subnet.

Once you can verify that much, setting up Internet connectivity is a matter of getting your router to handle the situation.

Most likely you will need NAT rules and "ip nat inside" on the tagged subinterface.

Another possibility is, if your provider gives you a public IP range to use, you can apply that instead.

Or perhaps your NAT will be handled by a different router, and in that case, it only needs to be updated to accept the additional range used by the Linksys and know what to do with traffic destined for the new private IP range.
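
The router-on-a-stick layout from the comment above, written out as one configuration together with the NAT it mentions; this is an added example, not part of the original thread. Because an IOS router forwards between its own subinterfaces by default, it also puts an inbound ACL on the guest subinterface so that VLAN 10 cannot be routed into 10.0.0.0/24. VLAN 10, the 10.1.0.x addresses, Serial0 as the Internet-facing interface and the ACL names are assumptions.

```cisco
! Added example; constructed values: VLAN 10, 10.1.0.0/24 for guests,
! Serial0 as the Internet-facing interface, ACL names GUEST-IN / NAT-SOURCES.
interface FastEthernet0
 no ip address
!
interface FastEthernet0.1
 description Corporate LAN (native VLAN 1)
 encapsulation dot1Q 1 native
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0.10
 description Guest Wi-Fi uplink (WRT54G WAN port, assumed 10.1.0.2)
 encapsulation dot1Q 10
 ip address 10.1.0.1 255.255.255.0
 ip access-group GUEST-IN in
 ip nat inside
!
interface Serial0
 description Internet uplink (assumed interface name)
 ip nat outside
!
! Inbound filter on the guest subinterface, evaluated top-down.
ip access-list extended GUEST-IN
 remark allow the ping-the-gateway test, nothing else to this router address
 permit icmp 10.1.0.0 0.0.0.255 host 10.1.0.1 echo
 deny   ip any host 10.1.0.1
 remark block routed access from guests to the corporate subnet
 deny   ip any 10.0.0.0 0.0.0.255 log
 remark drop spoofed sources, allow everything else toward the Internet
 permit ip 10.1.0.0 0.0.0.255 any
 deny   ip any any log
!
! Source ranges that are translated to the address of Serial0.
ip access-list standard NAT-SOURCES
 permit 10.0.0.0 0.0.0.255
 permit 10.1.0.0 0.0.0.255
!
ip nat inside source list NAT-SOURCES interface Serial0 overload
!
! Checks after applying:
!   show vlans                     (tagged subinterfaces and their VLAN IDs)
!   show ip access-lists GUEST-IN  (hit counters on the deny lines)
!   show ip nat translations       (guest flows translated on Serial0)
```

With the ACL in place, a ping from the guest VLAN to 10.0.0.1 or any other 10.0.0.x host should fail and increment the logged deny counter, while a ping to 10.1.0.1 still succeeds.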
