• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 396
  • Last Modified:

Secure Wifi Internet Access from existing LAN

Hello,   I have no ability to setup VLAN's as this is a very basic network.    All servers and computers are on a single subnet.

For example lets say 192.168.100.x

Now I purchased a Wifi router with the thought that I could allow wifi internet access only on another subnet.

for example wifi clients 192.168.1.x

This does work as it is setup with the 192.168.100.x network as the WAN interface.

The issue is I am able to access the 192.168.100.x network from the 192.168.1.x wifi network.    

It does have firewall capabilities and I could try setting up rules to block but is there an easier way to do this?

0
Zoldy2000
Asked:
Zoldy2000
1 Solution
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Usually, firewall or packet filter rules are the simplest way to do something like this ... or rather, almost the only way, unless you have the possibility of adding another VLAN with its own internet uplink, or a VRF, or other features.
So, just configure a deny-rule that forbids any traffic from 192.168.1.0/24 to 192.168.100.0/24 except maybe for the default gateway, and you should be good ...
0
 
TechnicallyMaybeCommented:
It depends on what features your wifi router has.  Who is the manufacturer and what is the model # of the router?
0
 
Zoldy2000Author Commented:
I don't have it with me as I am not on site to give you the model number.

What feature are you thinking of that would make a difference.

The manufacturer is UBNT
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
TechnicallyMaybeCommented:
For example my router has a guest network feature that uses a totally seperate SSID and prevents access to the internal SSID and wired devices.
0
 
jmgalloCommented:
I have done something similar with one of my clients. They had an existing firewall/router which did in fact provide wifi which you could set on a different network rather the existing LAN...the wifi in it stopped functioning properly.

I had an old Linksys wireless router on site. I ran the linksys wan port to another port on the comcast modem and configured it and turned on wifi with DHCP. that kept the wifi entirely seperate from their existing wired network.

0
 
TechnicallyMaybeCommented:
Great thinking!
0
 
Zoldy2000Author Commented:
what was the purpose of that last comment?
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now