Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Guest wireless

Posted on 2011-09-28
5
Medium Priority
?
411 Views
Last Modified: 2013-11-12
I sm trying to configure a guest wireless network.

I have 2 WLCs. one in the inside and second WLC in DMZ.
I connect DMZ anchor then to firewall to DMZ.
How I can configure this setting.
what port numbers should be opened?
what vlans should be created?
do you have any configuration example?
0
Comment
Question by:Network-stuff
4 Comments
 
LVL 44

Assisted Solution

by:Davis McCarn
Davis McCarn earned 664 total points
ID: 36814041
You're making it overly complicated.  Change one of the routers to a different ip range (i.e. 192.168.10.1-255).  Plug it's WAN/Internet port into one of the LAN ports on the main router, setup the wireless as you like, and you're done.  Anyone connecting to that router will have internet access through the main router; but, no access to your LAN, whatsoever.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 672 total points
ID: 36815266
I agree with DavisMcCarn, as long as the router you're plugging into is firewalled. IOW, if you use a standard wireless router for your 192.168.10.0 network and then plug it into a firewall router that is also connected to your private network on a different subnet. i.e., 10.0.0.x, and the 10.0.0.x network is firewalled, then that configuration will work. However, if the firewall router you're using isn't capable of firewalling a specific network segment but only capable of firewalling the Internet connection, then the 192.168.10.x subnet will be inside your firewall.  This means that if by some chance someone on the 192.168.10.x knew the IP addresses of resources in your 10.0.0.x network and also had a password for access to those resources, he/she could connect and use them. However, this is a pretty specific set of circumstances.  In a small network where you have control over who accesses your wireless network, it is pretty safe to use this configuration.  You also, of course, want to set up encryption and access control on your wireless network to prevent any Joe Hacker from connecting his wireless laptop to your wireless network and using your Internet connection.

If you are in a large corporate setting, or you don't have any direct control over who uses your wireless network, then you want to firewall the two networks separately.  This can be achieved by using a separate firewall router on the wireless network, and then connecting that firewall's WAN port to a switch that is connected to your Internet router directly.  This second firewall would have to have a separate public IP address from the one used by your internal network. Or, for an optimal and more elegant solution, you could use a single router that is capable of firewalling multiple networks separately, such as a WatchGuard XTM. I would advise looking into this solution, since it's easier to handle both physically (since it's only a single box) and configuration-wise. Here's a link to the Watchguard site as a start:

http://www.watchguard.com/products/xtm-main.asp
0
 
LVL 5

Assisted Solution

by:Kenmcse1969
Kenmcse1969 earned 664 total points
ID: 36977499
Everyone is assuming your willing to buy hardware. What kind and how many firewalls you have on hand currently?

A solution we use in our network (which is a large University), we have two SSID's. Private and Public. If you choose the private SSID you get prompted for your credentials and given a DHCP address considered "inside" the firewall (access to files, email, etc). If you choose Private SSID, you are given a DHCP address that is blocked by the firewall from doing anything except hitting external websites. This solution has been verified to be effective by Security Audits.

Depending on the firewall you have if you will have enough control to do this. We use CheckPoint Firewall.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175664
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question