Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Isolate/separate wireless users from hard wired users

Posted on 2011-03-25
Medium Priority
Last Modified: 2012-05-11
I have a switch that supports vlan and a wireless router/dsl modem all in one.  I am hoping with the existing equipment I have to setup so the wireless users can be isolated and separated from the wired users
Question by:FASTECHS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Assisted Solution

Thomas_Roes earned 1000 total points
ID: 35213640
I'm afraid you need extra equipment. But first:

- may the wired users connect to the wireless users
- may the wireless users connect to the wireless users
- or is either communication forbidden?

To answer this question, I'm assuming the following:

- Your DSL-Modem-Router has one public IP address, contains NAT functionality to one (and only one) private IP range. This is the network that is connected to both the wired connections and the wireless antenna.

In a simple scenario, you aquire another LAN-LAN NAT-router (i.e. a router with a ethernet connection as WAN port, not DSL), and connect the WAN port of this second router to the DSL-router, LAN to the switch. VLAN configuration not nessesary.

This way, wireless users cannot access the wires users. The other way round, connection is possible, but broadcast traffic is of cause blocked.

If you need protection both way's, you should disable the WLAN antenna on the router, and in addition to solution 1), get another LAN-LAN NAT-router (nr 3), preferably with WLAN, otherwise you need a separate Wireless Access Point, to connect to the LAN side of router 3.

This way communication is blocked in both way's.

Thomas Roes
LVL 23

Accepted Solution

Mysidia earned 1000 total points
ID: 35223268
What make and model / type of VLAN supporting switch are you using?
If it is a Layer 3 switch with ACL capabilities, you may have some options.

If your switch supports Layer 2 ACLs with MAC addresses,  there is a possibility you
could plug the router into a wired port on the switch, And use a Layer 2 ACL to block
all trafic coming in on that port, except from the router's MAC address.

Unless the switch is Layer 3, or you have another Layer 3 device,  your  isolation options are extremely
limited.  You could only do it in your current scenario,  if your Router/DSL Modem in one is capable of it.
Some are, most are not.

The right way to do this is with a full blown Firewall that supports a DMZ and/or multiple networks,
OR with a full Layer 3 switches.

Or an enterprise router with support for more than 2 Ethernet ports  on different networks.

An additional low-end  (LAN/WAN) router could do something for isolation -- with some caveats.

If you don't have a router that supports more than two networks,  that would mean  one of the networks will need to be routed THROUGH the other network.

(Which means,  they'll be isolated to an extent,  but a node on one network might be able to sniff traffic from the other, by using ARP poisoning)


Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question