Solved

Secure Wifi Internet Access from existing LAN

Posted on 2011-09-29
7
354 Views
Last Modified: 2012-05-12
Hello,   I have no ability to setup VLAN's as this is a very basic network.    All servers and computers are on a single subnet.

For example lets say 192.168.100.x

Now I purchased a Wifi router with the thought that I could allow wifi internet access only on another subnet.

for example wifi clients 192.168.1.x

This does work as it is setup with the 192.168.100.x network as the WAN interface.

The issue is I am able to access the 192.168.100.x network from the 192.168.1.x wifi network.    

It does have firewall capabilities and I could try setting up rules to block but is there an easier way to do this?

0
Comment
Question by:Zoldy2000
7 Comments
 
LVL 17

Accepted Solution

by:
Garry-G earned 500 total points
ID: 36814461
Usually, firewall or packet filter rules are the simplest way to do something like this ... or rather, almost the only way, unless you have the possibility of adding another VLAN with its own internet uplink, or a VRF, or other features.
So, just configure a deny-rule that forbids any traffic from 192.168.1.0/24 to 192.168.100.0/24 except maybe for the default gateway, and you should be good ...
0
 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 36814539
It depends on what features your wifi router has.  Who is the manufacturer and what is the model # of the router?
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 36814615
I don't have it with me as I am not on site to give you the model number.

What feature are you thinking of that would make a difference.

The manufacturer is UBNT
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 36814726
For example my router has a guest network feature that uses a totally seperate SSID and prevents access to the internal SSID and wired devices.
0
 

Expert Comment

by:jmgallo
ID: 36815888
I have done something similar with one of my clients. They had an existing firewall/router which did in fact provide wifi which you could set on a different network rather the existing LAN...the wifi in it stopped functioning properly.

I had an old Linksys wireless router on site. I ran the linksys wan port to another port on the comcast modem and configured it and turned on wifi with DHCP. that kept the wifi entirely seperate from their existing wired network.

0
 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 36817334
Great thinking!
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 36817373
what was the purpose of that last comment?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now