Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Guest wireless

Posted on 2011-09-28
5
Medium Priority
?
406 Views
Last Modified: 2013-11-12
I sm trying to configure a guest wireless network.

I have 2 WLCs. one in the inside and second WLC in DMZ.
I connect DMZ anchor then to firewall to DMZ.
How I can configure this setting.
what port numbers should be opened?
what vlans should be created?
do you have any configuration example?
0
Comment
Question by:Network-stuff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 43

Assisted Solution

by:Davis McCarn
Davis McCarn earned 664 total points
ID: 36814041
You're making it overly complicated.  Change one of the routers to a different ip range (i.e. 192.168.10.1-255).  Plug it's WAN/Internet port into one of the LAN ports on the main router, setup the wireless as you like, and you're done.  Anyone connecting to that router will have internet access through the main router; but, no access to your LAN, whatsoever.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 672 total points
ID: 36815266
I agree with DavisMcCarn, as long as the router you're plugging into is firewalled. IOW, if you use a standard wireless router for your 192.168.10.0 network and then plug it into a firewall router that is also connected to your private network on a different subnet. i.e., 10.0.0.x, and the 10.0.0.x network is firewalled, then that configuration will work. However, if the firewall router you're using isn't capable of firewalling a specific network segment but only capable of firewalling the Internet connection, then the 192.168.10.x subnet will be inside your firewall.  This means that if by some chance someone on the 192.168.10.x knew the IP addresses of resources in your 10.0.0.x network and also had a password for access to those resources, he/she could connect and use them. However, this is a pretty specific set of circumstances.  In a small network where you have control over who accesses your wireless network, it is pretty safe to use this configuration.  You also, of course, want to set up encryption and access control on your wireless network to prevent any Joe Hacker from connecting his wireless laptop to your wireless network and using your Internet connection.

If you are in a large corporate setting, or you don't have any direct control over who uses your wireless network, then you want to firewall the two networks separately.  This can be achieved by using a separate firewall router on the wireless network, and then connecting that firewall's WAN port to a switch that is connected to your Internet router directly.  This second firewall would have to have a separate public IP address from the one used by your internal network. Or, for an optimal and more elegant solution, you could use a single router that is capable of firewalling multiple networks separately, such as a WatchGuard XTM. I would advise looking into this solution, since it's easier to handle both physically (since it's only a single box) and configuration-wise. Here's a link to the Watchguard site as a start:

http://www.watchguard.com/products/xtm-main.asp
0
 
LVL 5

Assisted Solution

by:Kenmcse1969
Kenmcse1969 earned 664 total points
ID: 36977499
Everyone is assuming your willing to buy hardware. What kind and how many firewalls you have on hand currently?

A solution we use in our network (which is a large University), we have two SSID's. Private and Public. If you choose the private SSID you get prompted for your credentials and given a DHCP address considered "inside" the firewall (access to files, email, etc). If you choose Private SSID, you are given a DHCP address that is blocked by the firewall from doing anything except hitting external websites. This solution has been verified to be effective by Security Audits.

Depending on the firewall you have if you will have enough control to do this. We use CheckPoint Firewall.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175664
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question