Solved

How to create a WLAN that will not see my wired LAN

Posted on 2012-03-25
10
581 Views
Last Modified: 2012-06-27
My network is laid out like this:

T1 router going into the WAN port on a Sonicwall NSA240 and my server going into the LAN port. I use my server as my DHCP and DNS and have it pointed to the NSA240 as the gateway. I would like to implement a wireless LAN with Cisco Aironet 1140 within my building but don't want it to have the same IP scheme as my wired LAN. Can I set up another network interface to connect to a switch and provide DHCP on that interface? If so, how would I do that? If not, what would you recommend as the best way to set up the WLAN without it seeing my wired LAN?

Wired LAN IP is 192.168.XXX.XXX
Want wireless LAN IP to be 10.10.XXX.XXX
0
Question by:miamitech305
10 Comments
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 200 total points
ID: 37764151
You can use another port on the Sonicwall and set it up as not bridged to the LAN. Call it lan2 or WLAN. Then you can add a DHCP range to the Sonicwall for it. It will have firewall rules you can set to get to the LAN if you need to.
0
 

Author Comment

by:miamitech305
ID: 37764157
If I set the DHCP range for that port, it won't affect my LAN port to my server that is my DHCP?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 37764164
Nope, it's completely separate from the LAN, just like the WAN. In fact, this is the default behavior for the TZ series that has wifi built in.
0
 

Author Comment

by:miamitech305
ID: 37764176
It isn't a TZ series, it's the NSA series.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 37764181
I know it's an NSA. By telling you that the default for a TZ series with wifi is this type of setup, I'm just trying to exemplify that this is a common and well-supported setup.
0

 

Author Comment

by:miamitech305
ID: 37764185
OK, will my filters that block sites be applied to the new port as well? For example, I have facebook.com blocked. Will this site be blocked as well on the new port?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 37764196
No. Those firewall rules are for LAN->WAN. You need to make rules for your WLAN->WAN.
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37765047
Why don't you assign one IP at any free interface of the firewall, e.g. X3: 10.10.10.x, and assign a same-range IP to your AP, or simply connect your AP directly to NSA-X3...
First check internet; once done, go to the firewall and create one rule as deny from X3 to LAN.
0
 

Author Comment

by:miamitech305
ID: 37765931
If I set up a new port, e.g. X3 with 10.10.10.XXX, can port X3 and the LAN port both have access to the WAN port? If yes, do I create a rule that allows X3 to WAN?
0
 
LVL 3

Accepted Solution

by:
Konsultant earned 300 total points
ID: 37766719
Hi,

Sonicwall offers their own wireless solution based on SonicPoints. The beauty of this solution is based on the fact that your Sonicwall firewall manages all access points (policy, firmware upgrades, etc.). It will deal with wireless VLANs and handle multiple SSIDs, as well as offer IPSec security over wireless with user authentication.

In our case you want to use Cisco wireless as a separate network connected to the firewall as a sort of DMZ. This is very simple to do:

1. Create your custom security ZONE like: Cisco_WLAN (I would not use the predefined WLAN, as it comes with settings relating to Sonicwall wireless. You may not have the best luck with it.)

2. I would configure one of the interfaces as a dedicated wireless one, e.g. X3 could be ours: 10.10.10.1 (this will be the default gateway for your wireless).

3. The default NAT policy will take care of the NATing while accessing internet from the wireless network.

4. I would look at the firewall rules and I would make sure that the default rule Cisco_WLAN to LAN says Deny.

5. You do not need to create any "Allow" type rule from Cisco_WLAN to WAN; by default the rule there will be Allow Any to Any.

Honestly there is very little to do. The entire configuration should take you about 5 min.

This is pretty much all you have to do. I have done it many times and it always works.
Keep an eye on the DNS settings while configuring DHCP on the Sonicwall. Clients call about problems with wrong DNS all the time. They block access to LAN and at the same time they want to use DNS on the LAN. Also, keep your DHCP lease short.

Good luck!

P.S. It is not possible to create a rule "from X3 to LAN"; X3 will be just one interface with its IP address. Most likely you will need to say X3 Subnet to LAN. If you decide to use a dedicated ZONE you will avoid this issue and firewall rules will be more transparent.

Also, make sure that your wireless Cisco uses the Sonicwall as its default gateway.
0
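The DNS pitfall mentioned in the accepted answer, as an added example that is not part of the original thread: a simplified first-match model of zone rules (not SonicOS syntax) that flags DHCP-issued resolvers the wireless zone cannot reach. The 192.168.1.x addresses, the 203.0.113.53 resolver and the narrow DNS exception rule are constructed assumptions; only the 10.10.10.x range and the Cisco_WLAN zone name come from the thread.

```python
import ipaddress

# Constructed sample addressing; the wired range and server IP are placeholders.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "Cisco_WLAN": ipaddress.ip_network("10.10.10.0/24"),
}
LAN_DNS = "192.168.1.10"        # hypothetical DHCP/DNS server on the wired LAN
UPSTREAM_DNS = "203.0.113.53"   # hypothetical resolver reached through the WAN

def zone_of(ip):
    """Map an address to its zone; anything not internal is treated as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def evaluate(rules, src, dst, proto, port):
    """Simplified model: first matching rule wins, no match means deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r in rules:
        if r["from"] != src_zone or r["to"] != dst_zone:
            continue
        if r["dst"] not in ("any", dst):
            continue
        if r["service"] not in ("any", (proto, port)):
            continue
        return r["action"]
    return "deny"

def unreachable_dns(rules, client, dns_servers):
    """Return the DHCP-issued resolvers this client cannot query on UDP 53."""
    return [s for s in dns_servers
            if evaluate(rules, client, s, "udp", 53) != "allow"]

# Rules as described in steps 4 and 5 of the accepted answer.
BASE = [
    {"from": "Cisco_WLAN", "to": "LAN", "dst": "any", "service": "any", "action": "deny"},
    {"from": "Cisco_WLAN", "to": "WAN", "dst": "any", "service": "any", "action": "allow"},
]
# Assumed alternative: one narrow DNS allow placed above the blanket deny.
DNS_EXCEPTION = [
    {"from": "Cisco_WLAN", "to": "LAN", "dst": LAN_DNS,
     "service": ("udp", 53), "action": "allow"},
] + BASE

if __name__ == "__main__":
    client = "10.10.10.50"  # constructed wireless client address
    print("LAN DNS in scope, base rules:", unreachable_dns(BASE, client, [LAN_DNS]))
    print("Upstream DNS in scope:", unreachable_dns(BASE, client, [UPSTREAM_DNS]))
    print("LAN DNS with exception:", unreachable_dns(DNS_EXCEPTION, client, [LAN_DNS]))
```

With the exception rule in place, everything else on the wired LAN stays denied to wireless clients; only UDP 53 to the one server is opened.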

Question has a verified solution.
