Solved

Isolate/separate wireless users from hard wired users

Posted on 2011-03-25
2
536 Views
Last Modified: 2012-05-11
I have a switch that supports vlan and a wireless router/dsl modem all in one.  I am hoping with the existing equipment I have to setup so the wireless users can be isolated and separated from the wired users
0
Comment
Question by:FASTECHS
2 Comments
 
LVL 3

Assisted Solution

by:Thomas_Roes
Thomas_Roes earned 250 total points
ID: 35213640
I'm afraid you need extra equipment. But first:

- may the wired users connect to the wireless users
- may the wireless users connect to the wireless users
- or is either communication forbidden?

To answer this question, I'm assuming the following:

- Your DSL-Modem-Router has one public IP address, contains NAT functionality to one (and only one) private IP range. This is the network that is connected to both the wired connections and the wireless antenna.

1)
In a simple scenario, you aquire another LAN-LAN NAT-router (i.e. a router with a ethernet connection as WAN port, not DSL), and connect the WAN port of this second router to the DSL-router, LAN to the switch. VLAN configuration not nessesary.

This way, wireless users cannot access the wires users. The other way round, connection is possible, but broadcast traffic is of cause blocked.

2)
If you need protection both way's, you should disable the WLAN antenna on the router, and in addition to solution 1), get another LAN-LAN NAT-router (nr 3), preferably with WLAN, otherwise you need a separate Wireless Access Point, to connect to the LAN side of router 3.

This way communication is blocked in both way's.

Thomas Roes
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 250 total points
ID: 35223268
What make and model / type of VLAN supporting switch are you using?
If it is a Layer 3 switch with ACL capabilities, you may have some options.

If your switch supports Layer 2 ACLs with MAC addresses,  there is a possibility you
could plug the router into a wired port on the switch, And use a Layer 2 ACL to block
all trafic coming in on that port, except from the router's MAC address.


Unless the switch is Layer 3, or you have another Layer 3 device,  your  isolation options are extremely
limited.  You could only do it in your current scenario,  if your Router/DSL Modem in one is capable of it.
Some are, most are not.


The right way to do this is with a full blown Firewall that supports a DMZ and/or multiple networks,
OR with a full Layer 3 switches.

Or an enterprise router with support for more than 2 Ethernet ports  on different networks.


An additional low-end  (LAN/WAN) router could do something for isolation -- with some caveats.

If you don't have a router that supports more than two networks,  that would mean  one of the networks will need to be routed THROUGH the other network.

(Which means,  they'll be isolated to an extent,  but a node on one network might be able to sniff traffic from the other, by using ARP poisoning)









0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Multi-source agreements are important because they set standards that all manufacturers should follow to ensure that devices are compatible with multiple vendors. The multi-source agreement (MSA) is an agreement that establishes how multiple vendors…
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now