Solved

Secure Wifi Internet Access from existing LAN

Posted on 2011-09-29
7
357 Views
Last Modified: 2012-05-12
Hello,   I have no ability to setup VLAN's as this is a very basic network.    All servers and computers are on a single subnet.

For example lets say 192.168.100.x

Now I purchased a Wifi router with the thought that I could allow wifi internet access only on another subnet.

for example wifi clients 192.168.1.x

This does work as it is setup with the 192.168.100.x network as the WAN interface.

The issue is I am able to access the 192.168.100.x network from the 192.168.1.x wifi network.    

It does have firewall capabilities and I could try setting up rules to block but is there an easier way to do this?

0
Comment
Question by:Zoldy2000
7 Comments
 
LVL 17

Accepted Solution

by:
Garry-G earned 500 total points
ID: 36814461
Usually, firewall or packet filter rules are the simplest way to do something like this ... or rather, almost the only way, unless you have the possibility of adding another VLAN with its own internet uplink, or a VRF, or other features.
So, just configure a deny-rule that forbids any traffic from 192.168.1.0/24 to 192.168.100.0/24 except maybe for the default gateway, and you should be good ...
0
 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 36814539
It depends on what features your wifi router has.  Who is the manufacturer and what is the model # of the router?
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 36814615
I don't have it with me as I am not on site to give you the model number.

What feature are you thinking of that would make a difference.

The manufacturer is UBNT
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 36814726
For example my router has a guest network feature that uses a totally seperate SSID and prevents access to the internal SSID and wired devices.
0
 

Expert Comment

by:jmgallo
ID: 36815888
I have done something similar with one of my clients. They had an existing firewall/router which did in fact provide wifi which you could set on a different network rather the existing LAN...the wifi in it stopped functioning properly.

I had an old Linksys wireless router on site. I ran the linksys wan port to another port on the comcast modem and configured it and turned on wifi with DHCP. that kept the wifi entirely seperate from their existing wired network.

0
 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 36817334
Great thinking!
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 36817373
what was the purpose of that last comment?
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now