best way to use a wireless router and a wired router

Posted on 2012-08-14
Last Modified: 2012-08-17
Our LAN has typically been just a VPN wired router with a couple of hubs and a cable modem for internet. We now have people needing a wireless router. What is the best way to use a wireless router with our existing setup in a way that does not allow outside attacks to penetrate our LAN via the new, to-be-added wireless router? To be more clear, the ultimate question is: once the wireless router is in the mix, how can I be sure it has not created a vulnerability to areas that are now protected by the VPN router? I am trying to avoid opening up a way for hacks to get in via the wireless where previously they have not been able. Is this even a valid concern?
Question by:wfcrr
    LVL 82

    Expert Comment

    by:Dave Baldwin
    Yes, it is. Ignoring those things is how TJMaxx lost 48 million credit card records. Use the best encryption, which is WPA2 unless they have something better, and restrict access through any other means, like limiting it to an approved list of MAC addresses.
    LVL 3

    Expert Comment

    by:Dimitris Ioakimoglou
    Actually this question will be easier to answer if you let us know the models of your equipment, how many workstations and servers you have in your network, if there's an AD domain etc.

    There are complex solutions that apply to large networks (for example segmentation and DMZs and firewalls and MAC address filtering and tons of other stuff) and there are simpler ones for smaller networks.

    Let us know a bit about what your network is like.

    Author Comment

    Main router is a Zyxell Zywall Plus 2. There are a couple of hubs connected to it. There is an SBS 2008 and 4 workstations and a printer/scanner and a cable modem. The SBS and the workstations are connected to the hubs. The cable modem is connected to the router directly. The router is set so that all rules are deny unless I have entered an IP address to allow. Does that help? Let me know what else to tell you; I don't know much, but can follow idiot-proof instructions. I have a new wireless router, a Linksys E1200, and have it linked via one of the hubs.

    To further clarify, the Zyxell router has the cable modem and the two hubs connected to it.  Then I have the SBS and the 4 workstations connected to the hubs and I also now have the wireless router connected to a hub.

    In addition to the first question of security in general, I also need to know how to navigate to the wireless router. When I try the in a browser it doesn't show up. I can navigate to the Zyxell router, but it is on a different 192.168 number...we don't use the 1.1 for that one.
    LVL 3

    Accepted Solution

    Ok so first things first. Do you need both routers for some reason? If they are both routers you can set up the new one and replace the old one.

    Then, about the management interface: Is your new router supposed to have the address? Does it say so in the manual? Does any other machine on your network have the same IP? Are your machines on the same subnet as this router? For example, if your network is (which means a subnet mask of then you can't connect to a IP.

    A third concern, if your router is by default configured to run a DHCP service, and you're running a second one on your network, then you're gonna be having trouble.

    Now, about security: On a small network like yours
    a) Activate the highest level of wireless encryption your access point (your router in your case) provides.
    b) Activate and configure any firewall software modules your router firmware has. The general principle is "we block everything EXCEPT blah blah blah" and not the other way around.
    c) If the SBS 2008 runs your DHCP, you can set it to give out IPs only to PCs of which you know the MAC addresses.
    d) Your router probably has MAC address filtering as well; activate this one too.
    e) Wireless isolation is generally a good feature, except if you need your wireless PCs to be able to transfer stuff from one to another.

    Anything more than the above will be a bit costly and your network's size does not really seem to justify it.

    If, however, you want to start looking for something a bit more professional, I suggest you look at small business firewalls like Fortigate for example, you can find some real nice security features for about 500-700$ if I'm not mistaken.

    A last thing to think about, Untangle and Astaro are both a good case of free firewall software that might make your network a bit more secure. You'll need a server to set them up, but that's about it.
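
The subnet, duplicate-address, second-DHCP-server and MAC-list points from the accepted answer, written as a pre-connection check; this is an added example, not part of the original thread. All device names, addresses and MACs are constructed, the LAN range 192.168.10.0/24 is an assumption, and the wireless router is assumed to sit at 192.168.1.1 with its DHCP service enabled.

```python
import ipaddress

def audit_second_router(lan_cidr, devices, approved_macs):
    """Return findings for a LAN inventory that includes a newly added router.

    devices: list of dicts with keys name, ip, mac and optional dhcp_server.
    approved_macs: set of lower-case, colon-separated MAC addresses.
    """
    lan = ipaddress.ip_network(lan_cidr)
    findings, seen_ips, dhcp_servers = [], {}, []
    for d in devices:
        ip = ipaddress.ip_address(d["ip"])
        # A management address on another subnet is not directly reachable.
        if ip not in lan:
            findings.append(f"{d['name']}: {ip} is outside {lan}, "
                            "admin page not directly reachable from LAN PCs")
        # Two hosts sharing one address cause intermittent failures.
        if ip in seen_ips:
            findings.append(f"{d['name']}: {ip} duplicates {seen_ips[ip]}")
        seen_ips.setdefault(ip, d["name"])
        if d.get("dhcp_server"):
            dhcp_servers.append(d["name"])
        # Approved-list check, with the MAC normalised before comparison.
        if d["mac"].lower().replace("-", ":") not in approved_macs:
            findings.append(f"{d['name']}: MAC {d['mac']} not on approved list")
    if len(dhcp_servers) > 1:
        findings.append("multiple DHCP servers: " + ", ".join(dhcp_servers))
    return findings

# Constructed inventory (hypothetical values, not taken from the thread).
APPROVED = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"}
BEFORE = [
    {"name": "vpn-router", "ip": "192.168.10.1", "mac": "02:00:00:00:00:01"},
    {"name": "sbs2008", "ip": "192.168.10.2", "mac": "02:00:00:00:00:02",
     "dhcp_server": True},
    {"name": "wifi-router", "ip": "192.168.1.1", "mac": "02:00:00:00:00:03",
     "dhcp_server": True},
    {"name": "unknown-laptop", "ip": "192.168.10.50",
     "mac": "02-00-00-00-00-99"},
]
# Same LAN after readdressing the wireless router and turning its DHCP off.
AFTER = BEFORE[:2] + [
    {"name": "wifi-router", "ip": "192.168.10.3", "mac": "02:00:00:00:00:03"},
]

if __name__ == "__main__":
    for line in audit_second_router("192.168.10.0/24", BEFORE, APPROVED):
        print(line)
```
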
