Solved

Guest wireless

Posted on 2011-09-28
Last Modified: 2013-11-12
I am trying to configure a guest wireless network.

I have 2 WLCs: one on the inside and a second WLC in the DMZ.
I connect the DMZ anchor to the firewall and then to the DMZ.
How can I configure this setting?
What port numbers should be opened?
What VLANs should be created?
Do you have any configuration example?
Question by:Network-stuff
5 Comments
 
LVL 43

Assisted Solution

by:Davis McCarn
Davis McCarn earned 166 total points
ID: 36814041
You're making it overly complicated. Change one of the routers to a different IP range (i.e. 192.168.10.1-255). Plug its WAN/Internet port into one of the LAN ports on the main router, set up the wireless as you like, and you're done. Anyone connecting to that router will have Internet access through the main router, but no access to your LAN whatsoever.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 168 total points
ID: 36815266
I agree with DavisMcCarn, as long as the router you're plugging into is firewalled. IOW, if you use a standard wireless router for your 192.168.10.0 network and then plug it into a firewall router that is also connected to your private network on a different subnet, i.e., 10.0.0.x, and the 10.0.0.x network is firewalled, then that configuration will work. However, if the firewall router you're using isn't capable of firewalling a specific network segment but only capable of firewalling the Internet connection, then the 192.168.10.x subnet will be inside your firewall. This means that if by some chance someone on the 192.168.10.x subnet knew the IP addresses of resources in your 10.0.0.x network and also had a password for access to those resources, he/she could connect and use them. However, this is a pretty specific set of circumstances. In a small network where you have control over who accesses your wireless network, it is pretty safe to use this configuration. You also, of course, want to set up encryption and access control on your wireless network to prevent any Joe Hacker from connecting his wireless laptop to your wireless network and using your Internet connection.

If you are in a large corporate setting, or you don't have any direct control over who uses your wireless network, then you want to firewall the two networks separately. This can be achieved by using a separate firewall router on the wireless network, and then connecting that firewall's WAN port to a switch that is connected to your Internet router directly. This second firewall would have to have a separate public IP address from the one used by your internal network. Or, for an optimal and more elegant solution, you could use a single router that is capable of firewalling multiple networks separately, such as a WatchGuard XTM. I would advise looking into this solution, since it's easier to handle both physically (since it's only a single box) and configuration-wise. Here's a link to the WatchGuard site as a start:

http://www.watchguard.com/products/xtm-main.asp
0
 
LVL 5

Assisted Solution

by:Kenmcse1969
Kenmcse1969 earned 166 total points
ID: 36977499
Everyone is assuming you're willing to buy hardware. What kind and how many firewalls do you have on hand currently?

As a solution in our network (which is a large university), we have two SSIDs: Private and Public. If you choose the Private SSID you get prompted for your credentials and given a DHCP address considered "inside" the firewall (access to files, email, etc.). If you choose the Private SSID, you are given a DHCP address that is blocked by the firewall from doing anything except hitting external websites. This solution has been verified to be effective by security audits.

Whether you will have enough control to do this depends on the firewall you have. We use a CheckPoint firewall.
0
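The difference between firewalling only the Internet connection and firewalling the guest segment separately, as discussed in the answers above, can be checked against a rule set. This is an added example, not part of any post in this thread: the rule format, the policy names and the external address 203.0.113.10 are constructed, and it assumes a first-match firewall with default deny that sees guest source addresses without NAT in between.

```python
import ipaddress

GUEST = ipaddress.ip_network("192.168.10.0/24")   # guest subnet from the thread
INTERNAL = ipaddress.ip_network("10.0.0.0/24")    # private subnet from the thread
EXTERNAL = ipaddress.ip_address("203.0.113.10")   # constructed stand-in for a public web server
WEB_PORTS = {80, 443}

def rule(action, src, dst, ports=None):
    """Hypothetical rule format; ports=None matches any destination port."""
    return (action, ipaddress.ip_network(src), ipaddress.ip_network(dst), ports)

def decide(rules, src, dst, port):
    """First matching rule wins; traffic that matches nothing is dropped."""
    for action, src_net, dst_net, ports in rules:
        if src in src_net and dst in dst_net and (ports is None or port in ports):
            return action
    return "deny"

def guest_reachable_ports(rules):
    """Probed ports on which a guest client can reach any internal host."""
    guest = next(iter(GUEST.hosts()))
    # Probe ports named in the rules, the web ports, SMB, and one unnamed high port.
    named = set().union(*(r[3] for r in rules if r[3]))
    probes = named | WEB_PORTS | {445, 65000}
    return sorted({p for dst in INTERNAL.hosts() for p in probes
                   if decide(rules, guest, dst, p) == "allow"})

def guest_web_works(rules):
    """True if the guest client can still reach an external site on 80 and 443."""
    guest = next(iter(GUEST.hosts()))
    return all(decide(rules, guest, EXTERNAL, p) == "allow" for p in WEB_PORTS)

# Constructed policies. EDGE_ONLY filters only at the Internet edge, so the
# guest subnet sits inside the firewall. SEGMENTED denies guest-to-internal
# before allowing web traffic. MISORDERED has the same rules in the wrong order.
EDGE_ONLY = [rule("allow", "192.168.10.0/24", "0.0.0.0/0"),
             rule("allow", "10.0.0.0/24", "0.0.0.0/0")]
SEGMENTED = [rule("deny", "192.168.10.0/24", "10.0.0.0/24"),
             rule("allow", "192.168.10.0/24", "0.0.0.0/0", WEB_PORTS)]
MISORDERED = list(reversed(SEGMENTED))

if __name__ == "__main__":
    for name, policy in [("edge-only", EDGE_ONLY), ("segmented", SEGMENTED),
                         ("misordered", MISORDERED)]:
        print(name, "internal ports reachable:", guest_reachable_ports(policy),
              "web ok:", guest_web_works(policy))
```

The misordered policy shows why rule order matters on a first-match firewall: the web allow rule shadows the guest-to-internal deny for ports 80 and 443.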
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175664
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Question has a verified solution.