• Status: Solved

Integrating Wireless network into Office LAN

Hi guys ...

We currently have an internal LAN of 10.10.10.XXX, with subnet 255.255.255.0.
On this LAN I have a number of standard wireless routers, such as the Linksys WRT54G.
These routers are given a 10.10.10.XXX number, but issue DHCP addresses in the range of 192.168.1.XXX.

I would like laptops that are connected to the network through these wireless routers to have a greater deal of connectivity.
Currently they can connect to devices on the LAN OK, but connecting back to the laptops is not possible (I'm guessing due to IP translation), for instance for remote admin.

In an ideal world I would like machines connected through these wireless routers to be issued 10.10.13.XXX IPs and be fully reachable across the network.

Can you advise how I would go about this, especially with details on what I'd have to do on our AD, DNS, DHCP Windows 2003 servers (if anything)?

Thanks

HICT

 
WalterH Commented:
I would change the wireless routers to work as wireless access points. They would not give out any addresses and they would just bridge traffic like a switch since you already have a wired infrastructure.
0
 
WalterH Commented:
I would make sure that my access points used Enterprise WPA protocols to ensure that only authorized users connected to my network and that I had proper controls and logs for access. With Enterprise WPA, you control access to your network by user, not by a single shared key, so you know who is connecting and can grant and revoke access.
0
 
WalterH Commented:
If your wireless devices cannot do this, they are cheap home units and you should upgrade to units that can.
0
wolfcamel Commented:
yep - i would turn off dhcp on the wireless.

most of these access points have..
1 - wan connection - which you plugged into the physical lan of your office
4 - lan connections - which are given Ips in the same range as the wireless connection.

turn off dhcp
give the router the 10.10.10.XXX address on its "lan" side
plug your office lan into one of the router's lan ports

now the wireless and the additional lan ports are all on the office lan - hence they will get IPs from your server's dhcp and will be readily connectable
0
 
HICT (Author) Commented:
Thanks guys ...

The only issue with this is that our current LAN issues IPs between 10.10.10.0 and 10.10.10.253, excluding any reservations we have... and I don't think we have enough addresses in that range to cover LAN connected machines as well as wireless connections.

In an ideal world I'd like the wireless routers to broadcast two SSIDs, and issue separate IPs depending on the SSID, so that I can have staff connect up and get access to everything, and guests connect up and only be allowed internet access. I'm guessing this won't be possible without expensive wireless APs though?

Thanks
0
 
Fred Marshall (Principal) Commented:
OK, here is what I'd do; since you say "our current LAN issues" this implies widespread use of DHCP for addresses:

1) Write down all the static IP addresses in use.  Likely, gateway, servers, printers .. etc.  
If these are all in a block then fine.  If they split up the current 256-address range too much then consider changing some of them to be in a block like 10.10.10.1 - 15 or -31 .... whatever.

2) Change the network mask from /24 255.255.255.0 to /23.  This will provide a 512-address range without changing the base network address of 10.10.10.0.  Note: /22 will provide a 1024-address range but will change the base network address to 10.10.8.0.  Either way, they end at 10.10.11.255 for a broadcast address.

3) Change the wireless routers according to the paper attached - which entails where you plug things into the router just a bit.  Note that DHCP is now provided by a single server for the entire network.

You may also try something like this ... without changing any cabling at all:

- since all the wireless routers WAN sides go into the main LAN
- since you want to have more connectivity than is presently provided
(right now the wireless computers should be able to see the main LAN but the main LAN and other wireless zones *can't* see "down" into the wireless zone computers).

Let's assume that the wireless routers have these addresses:
Wireless router #1
WAN address 10.10.10.101
LAN address 192.168.1.1

Wireless router #2
WAN address 10.10.10.102
LAN address 192.168.2.1

Wireless router #3
WAN address 10.10.10.103
LAN address 192.168.3.1

Wireless router #4
WAN address 10.10.10.104
LAN address 192.168.4.1

Note that each wireless LAN is on a different subnet.  This is important.

Now, add routes on each wireless router:
Wireless router #1
WAN address 10.10.10.101
LAN address 192.168.1.1
Route 192.168.2.0 to 10.10.10.102
Route 192.168.3.0 to 10.10.10.103
Route 192.168.4.0 to 10.10.10.104

Wireless router #2
WAN address 10.10.10.102
LAN address 192.168.2.1
Route 192.168.1.0 to 10.10.10.101
Route 192.168.3.0 to 10.10.10.103
Route 192.168.4.0 to 10.10.10.104

Wireless router #3
WAN address 10.10.10.103
LAN address 192.168.3.1
Route 192.168.1.0 to 10.10.10.101
Route 192.168.2.0 to 10.10.10.102
Route 192.168.4.0 to 10.10.10.104

Wireless router #4
WAN address 10.10.10.104
LAN address 192.168.4.1
Route 192.168.1.0 to 10.10.10.101
Route 192.168.2.0 to 10.10.10.102
Route 192.168.3.0 to 10.10.10.103

Check local firewalls to allow these subnets if necessary.

The first approach provides likely enough addresses and you can see the approach if you need more.

The second approach provides LOTS of addresses while keeping the connections the same as now -  but you have to route between subnets.
Wireless-Router-as-a-Simple-Swit.pdf
0
 
Fred Marshall (Principal) Commented:
I tried the latter method using commodity WRT54G routers and they didn't seem to like the added routes.  Well, they took the routes and reflected them on the routing table but weren't able to communicate.  So, I'm not sure I'd recommend the latter method.
0
 
WalterH Commented:
This is how to convert your WRT54G into an access point instead of a router:
http://www.wikihow.com/Convert-Linksys-WRT54G-to-Be-an-Access-Point
0
 
WalterH Commented:
Since you are using the 10.0.0.0 network, don't route unless you have a GOOD reason to do so. Instead, change your netmask to 255.255.0.0 and now you have plenty of addresses available. You may have a good reason to create separate subnets, but the APs are not the place for this in your network. For example, perhaps you have to segregate classes of users (personnel vs sales) or classes of devices (computers vs phones). In this case the dividing line is not wireless vs wired and you should create the appropriate infrastructure with separate subnets and perhaps even rules to restrict traffic between them.
0
 
HICT (Author) Commented:
Thanks for your comprehensive reply Fmarshall. I will certainly look into your initial solution.
My only concern is that we have a VPN connection to our office in Holland.
The Holland office uses the 10.10.11.XXX and 10.10.12.XXX range.

Would this solution conflict with this?

Thanks
0
 
HICT (Author) Commented:
Hi Fmarshall ....

Was just wondering if you had an answer to the above question? I'd really like to try your solution, but don't want to cause an issue with our Dutch office.

Thanks
0
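
Added example, not written by any poster in this thread: a quick check of each mask change proposed above against the Holland VPN ranges, using Python's standard `ipaddress` module. The sample host 10.10.10.1 and the /24 masks on the Holland ranges are assumptions, since the thread gives only 10.10.11.XXX and 10.10.12.XXX.

```python
import ipaddress

# Addresses come from the thread. Assumptions: the sample office host below,
# and a /24 mask on each Holland range.
OFFICE_HOST = "10.10.10.1"
REMOTE_VPN_NETS = ["10.10.11.0/24", "10.10.12.0/24"]


def widen(host, prefix_len):
    """Network that `host` belongs to once its mask is changed to prefix_len."""
    return ipaddress.ip_interface(f"{host}/{prefix_len}").network


def conflicts(candidate, remote_nets=REMOTE_VPN_NETS):
    """Remote subnets that overlap `candidate`.

    Hosts on the office LAN would treat overlapping addresses as on-link
    (ARP locally) instead of sending them to the VPN gateway.
    """
    cand = ipaddress.ip_network(str(candidate))
    return [r for r in remote_nets if cand.overlaps(ipaddress.ip_network(r))]


def report():
    """One row per option discussed: (label, network, broadcast, size, overlaps)."""
    candidates = {
        "current /24": widen(OFFICE_HOST, 24),
        "/23": widen(OFFICE_HOST, 23),
        "/22": widen(OFFICE_HOST, 22),
        "/16 (255.255.0.0)": widen(OFFICE_HOST, 16),
        "separate 10.10.13.0/24": ipaddress.ip_network("10.10.13.0/24"),
    }
    return [
        (label, str(net), str(net.broadcast_address), net.num_addresses, conflicts(net))
        for label, net in candidates.items()
    ]


if __name__ == "__main__":
    for label, net, bcast, size, clash in report():
        overlaps = ", ".join(clash) if clash else "none"
        print(f"{label:24} {net:15} bcast {bcast:14} {size:6} addrs  overlaps: {overlaps}")
```
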
