Solved

Guest wireless

Posted on 2011-09-28
Last Modified: 2013-11-12
I am trying to configure a guest wireless network.

I have 2 WLCs: one on the inside and a second WLC in the DMZ.
I connect the DMZ anchor then to the firewall to the DMZ.
How can I configure this setting?
What port numbers should be opened?
What VLANs should be created?
Do you have any configuration example?
0
Question by:Network-stuff
5 Comments
 
LVL 42

Assisted Solution

by:Davis McCarn
Davis McCarn earned 166 total points
You're making it overly complicated. Change one of the routers to a different IP range (i.e. 192.168.10.1-255). Plug its WAN/Internet port into one of the LAN ports on the main router, set up the wireless as you like, and you're done. Anyone connecting to that router will have internet access through the main router, but no access to your LAN whatsoever.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 168 total points
I agree with DavisMcCarn, as long as the router you're plugging into is firewalled. IOW, if you use a standard wireless router for your 192.168.10.0 network and then plug it into a firewall router that is also connected to your private network on a different subnet, i.e., 10.0.0.x, and the 10.0.0.x network is firewalled, then that configuration will work. However, if the firewall router you're using isn't capable of firewalling a specific network segment but only capable of firewalling the Internet connection, then the 192.168.10.x subnet will be inside your firewall. This means that if by some chance someone on the 192.168.10.x subnet knew the IP addresses of resources in your 10.0.0.x network and also had a password for access to those resources, he/she could connect and use them. However, this is a pretty specific set of circumstances. In a small network where you have control over who accesses your wireless network, it is pretty safe to use this configuration. You also, of course, want to set up encryption and access control on your wireless network to prevent any Joe Hacker from connecting his wireless laptop to your wireless network and using your Internet connection.

If you are in a large corporate setting, or you don't have any direct control over who uses your wireless network, then you want to firewall the two networks separately. This can be achieved by using a separate firewall router on the wireless network, and then connecting that firewall's WAN port to a switch that is connected to your Internet router directly. This second firewall would have to have a separate public IP address from the one used by your internal network. Or, for an optimal and more elegant solution, you could use a single router that is capable of firewalling multiple networks separately, such as a WatchGuard XTM. I would advise looking into this solution, since it's easier to handle both physically (since it's only a single box) and configuration-wise. Here's a link to the WatchGuard site as a start:

http://www.watchguard.com/products/xtm-main.asp
0
 
LVL 5

Assisted Solution

by:Kenmcse1969
Kenmcse1969 earned 166 total points
Everyone is assuming you're willing to buy hardware. What kind and how many firewalls do you have on hand currently?

In a solution we use in our network (which is a large university), we have two SSIDs: Private and Public. If you choose the private SSID, you get prompted for your credentials and given a DHCP address considered "inside" the firewall (access to files, email, etc.). If you choose the Private SSID, you are given a DHCP address that is blocked by the firewall from doing anything except hitting external websites. This solution has been verified to be effective by security audits.

It depends on the firewall you have whether you will have enough control to do this. We use CheckPoint Firewall.
0
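The segmentation point made in the answers above (a guest subnet behind a device that filters only the Internet connection can still reach the private subnet), as an added example that is not part of the original thread: a small first-match policy model that audits whether guest addresses can reach the private LAN, including the case where the deny rule exists but is ordered too late. The rule format, first-match evaluation, the probe addresses and the three policies are constructed assumptions; only the 192.168.10.x and 10.0.0.x subnets come from the answers (taken here as /24).

```python
import ipaddress
from dataclasses import dataclass

GUEST = ipaddress.ip_network("192.168.10.0/24")   # guest wireless subnet from the answers
PRIVATE = ipaddress.ip_network("10.0.0.0/24")     # private LAN subnet from the answers
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def decide(rules, src, dst, default="deny"):
    """Assumed first-match semantics: the first rule matching src and dst wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return default

# Constructed policy: only the Internet edge is filtered, so the guest
# subnet is "inside the firewall" and inter-subnet traffic is permitted.
EDGE_ONLY = [Rule("allow", GUEST, ANY), Rule("allow", PRIVATE, ANY)]

# Constructed policy: the guest segment is firewalled separately.
SEGMENTED = [
    Rule("deny", GUEST, PRIVATE),
    Rule("allow", GUEST, ANY),
    Rule("allow", PRIVATE, ANY),
]

# Constructed policy: the deny rule exists but is shadowed by the broader
# allow above it, so it never matches.
MISORDERED = [
    Rule("allow", GUEST, ANY),
    Rule("deny", GUEST, PRIVATE),
    Rule("allow", PRIVATE, ANY),
]

# Constructed probe flows: guest client -> private LAN host.
PROBES = [("192.168.10.50", "10.0.0.10"), ("192.168.10.200", "10.0.0.254")]

def audit(rules):
    """Return the guest-to-private flows the policy permits; empty means isolated."""
    return [(s, d) for s, d in PROBES if decide(rules, s, d) == "allow"]

if __name__ == "__main__":
    for name, policy in [("edge-only", EDGE_ONLY), ("segmented", SEGMENTED),
                         ("misordered", MISORDERED)]:
        print(name, "leaks:", audit(policy))
```

An empty result from `audit` is the property a guest-network review should confirm; on a real firewall the same check is done with test traffic from a guest client, since rule evaluation order differs between products.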
 
LVL 27

Expert Comment

by:Tolomir
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
