Isolate/separate wireless users from hard wired users

Posted on 2011-03-25
Last Modified: 2012-05-11
I have a switch that supports VLANs and a wireless router/DSL modem all in one. I am hoping, with the existing equipment I have, to set it up so the wireless users can be isolated and separated from the wired users.
Question by:FASTECHS

Assisted Solution

Thomas_Roes earned 250 total points
ID: 35213640
I'm afraid you need extra equipment. But first:

- may the wired users connect to the wireless users
- may the wireless users connect to the wireless users
- or is either communication forbidden?

To answer this question, I'm assuming the following:

- Your DSL-Modem-Router has one public IP address, contains NAT functionality to one (and only one) private IP range. This is the network that is connected to both the wired connections and the wireless antenna.

In a simple scenario, you acquire another LAN-LAN NAT-router (i.e. a router with an Ethernet connection as WAN port, not DSL), and connect the WAN port of this second router to the DSL-router, LAN to the switch. VLAN configuration not necessary.

This way, wireless users cannot access the wired users. The other way round, connection is possible, but broadcast traffic is of course blocked.

If you need protection both ways, you should disable the WLAN antenna on the router, and in addition to solution 1), get another LAN-LAN NAT-router (nr 3), preferably with WLAN, otherwise you need a separate Wireless Access Point, to connect to the LAN side of router 3.

This way communication is blocked in both ways.

Thomas Roes
LVL 23

Accepted Solution

Mysidia earned 250 total points
ID: 35223268
What make and model / type of VLAN supporting switch are you using?
If it is a Layer 3 switch with ACL capabilities, you may have some options.

If your switch supports Layer 2 ACLs with MAC addresses, there is a possibility you
could plug the router into a wired port on the switch, and use a Layer 2 ACL to block
all traffic coming in on that port, except from the router's MAC address.

Unless the switch is Layer 3, or you have another Layer 3 device, your isolation options are extremely
limited. You could only do it in your current scenario if your Router/DSL Modem in one is capable of it.
Some are, most are not.

The right way to do this is with a full-blown firewall that supports a DMZ and/or multiple networks,
OR with full Layer 3 switches.

Or an enterprise router with support for more than 2 Ethernet ports on different networks.

An additional low-end (LAN/WAN) router could do something for isolation -- with some caveats.

If you don't have a router that supports more than two networks, that would mean one of the networks will need to be routed THROUGH the other network.

(Which means, they'll be isolated to an extent, but a node on one network might be able to sniff traffic from the other, by using ARP poisoning)
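
The two cascaded-router layouts from the answers above, as an added example that is not part of either answer: a small reachability model that reports which side can open connections to the other, and whether the wired network's traffic crosses the wireless segment (the ARP-poisoning caveat). The network names are hypothetical, and the model assumes default consumer NAT behaviour with no port forwards.

```python
# Added illustration (not from the thread). Constructed model of cascaded
# consumer NAT routers. Assumption: each router lets its inside (LAN) hosts
# initiate outward and drops unsolicited inbound traffic (no port forwards).

def upstream(net, parent):
    """Networks reachable from `net` by crossing routers LAN -> WAN only."""
    path = [net]
    while path[-1] in parent:
        path.append(parent[path[-1]])
    return path

def can_initiate(src, dst, parent):
    """True if a host on `src` can open a connection to a host on `dst`."""
    return dst in upstream(src, parent)

def transits(inner, outer, parent):
    """True if `inner`'s outbound traffic crosses `outer`'s segment, where a
    host on `outer` could attempt the ARP-poisoning sniffing noted above."""
    return outer in upstream(inner, parent)[1:]

def report(parent, wired, wireless):
    """Summarise isolation between the wired and wireless networks."""
    return {
        "wired->wireless": can_initiate(wired, wireless, parent),
        "wireless->wired": can_initiate(wireless, wired, parent),
        "wired traffic crosses wireless segment": transits(wired, wireless, parent),
    }

# Hypothetical network names; each map entry is router LAN side -> WAN side.
# One extra router: wired switch behind router 2, Wi-Fi stays on the DSL LAN.
ONE_EXTRA = {"dsl_lan": "internet", "wired_lan": "dsl_lan"}
# Two extra routers: DSL Wi-Fi disabled, router 3 serves the wireless users.
TWO_EXTRA = {"dsl_lan": "internet", "wired_lan": "dsl_lan", "wifi_lan": "dsl_lan"}

if __name__ == "__main__":
    for name, topo, wl in (("one extra router", ONE_EXTRA, "dsl_lan"),
                           ("two extra routers", TWO_EXTRA, "wifi_lan")):
        print(name, report(topo, "wired_lan", wl))
```

The model covers connection initiation only; it does not replace testing from a real wireless client once the routers are in place.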

