Isolate/separate wireless users from hard wired users

Posted on 2011-03-25
Medium Priority
Last Modified: 2012-05-11
I have a switch that supports vlan and a wireless router/dsl modem all in one.  I am hoping with the existing equipment I have to setup so the wireless users can be isolated and separated from the wired users
Question by:FASTECHS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Assisted Solution

Thomas_Roes earned 1000 total points
ID: 35213640
I'm afraid you need extra equipment. But first:

- may the wired users connect to the wireless users
- may the wireless users connect to the wireless users
- or is either communication forbidden?

To answer this question, I'm assuming the following:

- Your DSL-Modem-Router has one public IP address, contains NAT functionality to one (and only one) private IP range. This is the network that is connected to both the wired connections and the wireless antenna.

In a simple scenario, you aquire another LAN-LAN NAT-router (i.e. a router with a ethernet connection as WAN port, not DSL), and connect the WAN port of this second router to the DSL-router, LAN to the switch. VLAN configuration not nessesary.

This way, wireless users cannot access the wires users. The other way round, connection is possible, but broadcast traffic is of cause blocked.

If you need protection both way's, you should disable the WLAN antenna on the router, and in addition to solution 1), get another LAN-LAN NAT-router (nr 3), preferably with WLAN, otherwise you need a separate Wireless Access Point, to connect to the LAN side of router 3.

This way communication is blocked in both way's.

Thomas Roes
LVL 23

Accepted Solution

Mysidia earned 1000 total points
ID: 35223268
What make and model / type of VLAN supporting switch are you using?
If it is a Layer 3 switch with ACL capabilities, you may have some options.

If your switch supports Layer 2 ACLs with MAC addresses,  there is a possibility you
could plug the router into a wired port on the switch, And use a Layer 2 ACL to block
all trafic coming in on that port, except from the router's MAC address.

Unless the switch is Layer 3, or you have another Layer 3 device,  your  isolation options are extremely
limited.  You could only do it in your current scenario,  if your Router/DSL Modem in one is capable of it.
Some are, most are not.

The right way to do this is with a full blown Firewall that supports a DMZ and/or multiple networks,
OR with a full Layer 3 switches.

Or an enterprise router with support for more than 2 Ethernet ports  on different networks.

An additional low-end  (LAN/WAN) router could do something for isolation -- with some caveats.

If you don't have a router that supports more than two networks,  that would mean  one of the networks will need to be routed THROUGH the other network.

(Which means,  they'll be isolated to an extent,  but a node on one network might be able to sniff traffic from the other, by using ARP poisoning)


Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
The Summer 2017 Scholarship Winners have been announced!
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question