How do I set up a VLAN for internet access only using a Linksys WRT54G, 2 Cisco SG 300-28, and a SonicWALL TZ 210?

My Equipment:
2 Cisco SG 300-28 (in pretty much default setup)
1 SonicWALL TZ 210 wireless N Network Security Appliance
2 Linksys WRT54G configured as Access Points
1 HP ProLiant DL360 G7 (that handles DHCP) running Windows Server 2008 R2 Enterprise
30 Desktop/Laptop XP/Windows 7 computers that are connected to the Domain
Various personal devices that are WiFi enabled

Situation: I would like to create a VLAN that would allow the personal or Guest devices (iPhones/iPads, Personal Laptops, etc.) to have access to the internet on one of the Linksys routers called Guest Access. At present my network looks like this:

Computers/Servers (wired)------Switch1/2-----------SonicWALL----internet
                                                        |
Wireless devices-----Linksys APs------------------------|

Question: How do I connect the VLAN for the Guest Access to the Internet and keep it completely separate from the rest of the network? Thank you for your time.
CAllenLong Asked:

Sid_F Commented:
I would create a public zone on the SonicWall, assign the zone to a port, e.g. X5, and connect the Linksys to the port. You will obviously need to create rules. You will need to set up DHCP on the zone, as it will be a public zone and so will not be able to contact the server.
0
CAllenLong (Author) Commented:
So let me see if I get this straight.

First create a VLAN that has two ports. One, port x4, is connected to the Linksys router "Guest Access" that sits by my desk; the other, port x5, I would connect to the Sonicwall. Next I go to the Sonicwall and create a public zone, create some "rules" (I think I understand what you mean by this), and set up DHCP on this zone.

I assume I can serve DHCP from the Linksys for this scenario?
Will I need to do any configuration on the switch beyond creating a VLAN with ports x4 and x5 in it?
Do I need to do any configuration on the ports themselves in the switch?

Please assume that I am just a button-clicking monkey that will have no idea what you are talking about if you don't talk to me like I am a button-clicking monkey...

Thanks again for your time.
0
Sid_F Commented:
Think outside of VLAN for the moment. In basic terms you are connecting your Linksys wireless to a free port on your SonicWall, let's say X5. The Linksys should be configured with an IP and DHCP turned off. Wireless clients can connect to the Linksys box; the SonicWall will supply an IP and keep the traffic separate from the rest of your internal network (if I have understood your requirements correctly).

Now setting up the SonicWall is a matter of configuring a zone (we'll call it Public_wireless), setting security as public, and configuring an interface, selecting X5 as the parent interface and the zone as Public_wireless. Configure a static IP for the interface with DNS etc. Then go to DHCP and add a DHCP server, and select the zone Public_wireless to populate it to. Lastly create a LAN to Public_wireless rule for web traffic.
I am doing this from memory, so forgive me if I have left anything out. That should be the bones of it.
0

CAllenLong (Author) Commented:
The reason I thought I needed a VLAN is because the Linksys Router "Guest Access" is at my desk and the switch is in a server room about 60ft away. I have a dedicated port already for this router. Connecting the Linksys directly to the Sonicwall would be impractical, and I would learn nothing about creating a VLAN with internet access...

Am I asking for the impossible?

0
Sid_F Commented:
OK, learning is one thing; my solution will give you the required end result in a secure manner. Unless I am missing something, I can't see the problem with routing the Linksys box, no matter where it is in your building, to the port on the SonicWall. Whether it's VLAN or zone, you still need to run the Linksys back to the SonicWall.
0
CAllenLong (Author) Commented:
I will rephrase the question.

How do I set up a VLAN on a Cisco SG 300-28, Linksys WRT54G Router, and Sonicwall TZ 210 to give users the ability to connect their personal devices to the Linksys and have internet access without being able to connect to the rest of the network?

As many details as possible would be appreciated.
0
CAllenLong (Author) Commented:
Any chance of getting a second opinion? On a forum that I have to pay to use, I think I can expect to receive a little bit more "spoon feeding" than on all the free forums I am also a member of. If I am expecting too much then I guess I am paying too much, as well....
0
Sid_F Commented:
Click on the request attention link under your question and that should get you more feedback. I have not used VLANs on the SonicWall but can see the TZ210 does not support VLAN tagging; there are some ways around this:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_26006609.html
Best of luck.
0
Mysidia Commented:
"How do I setup a VLAN on a Cisco SG 300-28, Linksys WRT54G Router, and Sonicwall TZ 210 to give users the ability to connect their personal devices to the Linksys and have internet access without being able to connect to the rest of the network."

1. Configure 3 ports on your SonicWall, with 3 different subnet IP address ranges, and your desired security policies; the private LAN belongs in a high security zone, the two other interfaces, WAN and Public WiFi, would be lower security.

The subnet/network IP addresses assigned to the three different interfaces on the SonicWall must not be overlapping IP address ranges, as the SonicWall will need to route between the three networks.

3 ports are to be set up on the SonicWall:
 1 WAN port to be plugged into your ISP-provided CPE gear, e.g. your ISP's router, cable modem, etc.; this will have a subnet either assigned by your ISP or provided using DHCP, in some cases, configure the interface per your ISP's directives.

 1 Public AP port to be plugged into your SG 300-28 switch.
 1 LAN port to be plugged into your SG 300-28 switch.

[*] Yes, it's true that in some cases an 802.1Q VLAN trunk may be possible between a SonicWall with certain features and a Cisco switch with the proper feature, which would allow you to use only "two physical ports" on the SonicWall, but it's neither necessary nor proper, from a design, security, or troubleshooting perspective, with a network with such simple requirements.

Edit the configuration of the SG 300-28 switch.

Create a VLAN for your private LAN network on the SG 300-28 switch; utilize a unique VLAN ID.
Create a VLAN for your public "WiFi" network on the SG 300-28 switch; utilize a unique VLAN ID.

Place all the ports on your SG 300-28 switch in the "private LAN" VLAN.
That is, check them off as members of the private VLAN with status untagged.

Change the VLAN of the port that you plug your access point into on the switch to the "public LAN" VLAN ID; that is, turn off their membership in the private VLAN and add them to the "Public WiFi VLAN" by changing them to members of the VLAN untagged.

Change the VLAN of the port that you plug your SonicWall's "public WiFi LAN" firewall port into to the public LAN VLAN ID.

Configure your public WiFi unit to operate in router mode instead of access point mode.
Statically configure both the WAN and LAN settings on this WRT54G; the 54G can be a DHCP server for its LAN, but don't let the 54G get any config details for itself using DHCP.

This will help mitigate the risk that someone accidentally unplugs the WRT54G some day and plugs it into the wrong Ethernet port; instead of the 54G getting a WAN IP address from DHCP, or the WiFi clients being bridged to your private LAN, in router mode the public WiFi network will stop working instead of security being completely compromised.
0
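An added example, not part of any answer in this thread: a small Python check that audits a planned layout against the rules in Mysidia's answer (non-overlapping subnets on the three SonicWall interfaces, every switch port untagged in exactly one VLAN, only the access point port and the SonicWall public port in the public VLAN, WRT54G in router mode with static WAN settings). The VLAN IDs, port numbers, subnets and the dictionary layout are constructed assumptions, not values from the thread.

```python
import ipaddress
from itertools import combinations

def audit(plan):
    """Return findings; an empty list means the plan follows the answer's rules."""
    findings = []
    # The three SonicWall interface subnets must not overlap.
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan["subnets"].items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"subnets overlap: {a} {na} / {b} {nb}")
    private, public = plan["private_vlan"], plan["public_vlan"]
    if private == public:
        findings.append("private and public VLAN IDs must be different")
    # Only the AP port and the SonicWall public-interface port belong in the public VLAN.
    guest_ports = {plan["ap_port"], plan["fw_public_port"]}
    for port, vlans in sorted(plan["untagged"].items()):
        if len(vlans) != 1:
            findings.append(f"port {port}: untagged in {sorted(vlans)}, expected one VLAN")
        elif port in guest_ports and vlans != {public}:
            findings.append(f"port {port}: guest-path port is not in public VLAN {public}")
        elif port not in guest_ports and vlans != {private}:
            findings.append(f"port {port}: expected private VLAN {private}, found {sorted(vlans)}")
    # The WRT54G must route, and must not learn its own settings over DHCP.
    if plan["wrt54g_mode"] != "router":
        findings.append("WRT54G is not in router mode")
    if plan["wrt54g_wan_dhcp_client"]:
        findings.append("WRT54G WAN settings come from DHCP instead of static config")
    return findings

def sample_plan():
    """Constructed sample: VLAN IDs, port numbers and subnets are assumptions."""
    untagged = {port: {10} for port in range(1, 29)}  # 28-port switch, all private
    untagged[4] = {20}   # port the guest WRT54G plugs into
    untagged[5] = {20}   # port the SonicWall public WiFi interface plugs into
    return {
        "subnets": {"WAN": "203.0.113.0/30", "LAN": "192.168.1.0/24",
                    "PublicWiFi": "192.168.50.0/24"},
        "private_vlan": 10, "public_vlan": 20,
        "untagged": untagged, "ap_port": 4, "fw_public_port": 5,
        "wrt54g_mode": "router", "wrt54g_wan_dhcp_client": False,
    }

if __name__ == "__main__":
    for finding in audit(sample_plan()) or ["plan OK"]:
        print(finding)
```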

CAllenLong (Author) Commented:
I will try this today.
0
CAllenLong (Author) Commented:
Can you explain how to "Configure your public WiFi unit to operate in router mode instead of access point mode. Statically configure both the WAN and LAN settings on this WRT54G; the 54G can be a DHCP server for its LAN, but don't let the 54G get any config details for itself using DHCP."?

This is where I get stuck. Thanks.
0