Solved

Guest wireless

Posted on 2011-09-28
Last Modified: 2013-11-12
I am trying to configure a guest wireless network.

I have 2 WLCs: one on the inside and a second WLC in the DMZ.
I connect DMZ anchor then to firewall to DMZ.
How can I configure this setting?
What port numbers should be opened?
What VLANs should be created?
Do you have any configuration example?
Question by:Network-stuff
5 Comments
 
LVL 43

Assisted Solution

by:Davis McCarn
Davis McCarn earned 166 total points
ID: 36814041
You're making it overly complicated.  Change one of the routers to a different IP range (i.e. 192.168.10.1-255).  Plug its WAN/Internet port into one of the LAN ports on the main router, set up the wireless as you like, and you're done.  Anyone connecting to that router will have internet access through the main router; but, no access to your LAN, whatsoever.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 168 total points
ID: 36815266
I agree with DavisMcCarn, as long as the router you're plugging into is firewalled. IOW, if you use a standard wireless router for your 192.168.10.0 network and then plug it into a firewall router that is also connected to your private network on a different subnet, i.e., 10.0.0.x, and the 10.0.0.x network is firewalled, then that configuration will work. However, if the firewall router you're using isn't capable of firewalling a specific network segment but only capable of firewalling the Internet connection, then the 192.168.10.x subnet will be inside your firewall.  This means that if by some chance someone on the 192.168.10.x subnet knew the IP addresses of resources in your 10.0.0.x network and also had a password for access to those resources, he/she could connect and use them. However, this is a pretty specific set of circumstances.  In a small network where you have control over who accesses your wireless network, it is pretty safe to use this configuration.  You also, of course, want to set up encryption and access control on your wireless network to prevent any Joe Hacker from connecting his wireless laptop to your wireless network and using your Internet connection.

If you are in a large corporate setting, or you don't have any direct control over who uses your wireless network, then you want to firewall the two networks separately.  This can be achieved by using a separate firewall router on the wireless network, and then connecting that firewall's WAN port to a switch that is connected to your Internet router directly.  This second firewall would have to have a separate public IP address from the one used by your internal network. Or, for an optimal and more elegant solution, you could use a single router that is capable of firewalling multiple networks separately, such as a WatchGuard XTM. I would advise looking into this solution, since it's easier to handle both physically (since it's only a single box) and configuration-wise. Here's a link to the WatchGuard site as a start:

http://www.watchguard.com/products/xtm-main.asp
0
 
LVL 5

Assisted Solution

by:Kenmcse1969
Kenmcse1969 earned 166 total points
ID: 36977499
Everyone is assuming you're willing to buy hardware. What kind and how many firewalls do you have on hand currently?

As a solution we use in our network (which is a large University), we have two SSIDs: Private and Public. If you choose the private SSID you get prompted for your credentials and given a DHCP address considered "inside" the firewall (access to files, email, etc). If you choose Private SSID, you are given a DHCP address that is blocked by the firewall from doing anything except hitting external websites. This solution has been verified to be effective by Security Audits.

It depends on the firewall you have whether you will have enough control to do this. We use CheckPoint Firewall.
0
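Added example (not part of the original thread and not any poster's configuration): a small first-match rule evaluator that contrasts the two situations described in the accepted answer and in the comment above, a firewall that only filters the Internet link versus one that firewalls the guest segment separately. The rule format, function names and probe hosts are hypothetical; the subnets are the ones used in the answers, and rules match on port only, ignoring protocol.

```python
import ipaddress

# Subnets taken from the addresses used in the answers above.
GUEST = ipaddress.ip_network("192.168.10.0/24")
PRIVATE = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical rule format: (action, source net, destination net, dest port or None = any).
# Policy A: only the Internet link is filtered, so guest-to-private traffic is simply routed.
INTERNET_ONLY = [
    ("allow", ANY, ANY, None),
]
# Policy B: guest segment firewalled separately; DNS and web out, nothing to the private LAN.
# The guest-to-private deny must precede the port allows, or 10.0.0.x:443 would match them.
SEGMENTED = [
    ("deny", GUEST, PRIVATE, None),
    ("allow", GUEST, ANY, 53),
    ("allow", GUEST, ANY, 80),
    ("allow", GUEST, ANY, 443),
    ("deny", GUEST, ANY, None),
    ("allow", PRIVATE, ANY, None),
]

def decide(rules, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

def guest_leaks(rules, probes, guest_host="192.168.10.50"):
    """Return the (host, port) probes on the private LAN that a guest client can reach."""
    return [(dst, port) for dst, port in probes
            if decide(rules, guest_host, dst, port) == "allow"]

# Constructed probes: a file server and an internal web app on the private LAN.
PROBES = [("10.0.0.10", 445), ("10.0.0.20", 443)]

if __name__ == "__main__":
    print("internet-only policy leaks:", guest_leaks(INTERNET_ONLY, PROBES))
    print("segmented policy leaks:    ", guest_leaks(SEGMENTED, PROBES))
    # 203.0.113.10 is a documentation address standing in for an external website.
    print("guest to external web:     ", decide(SEGMENTED, "192.168.10.50", "203.0.113.10", 443))
```

Running the same probe list against an exported rule set after each firewall change gives a quick regression check that the guest subnet is still isolated.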
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175664
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0


Question has a verified solution.
