CATHY-IT

asked on

Configuring Wireless Hotspot using two access points and Allied Telesis Switch

Hi Experts

My Supervisor has asked that I make a plan to configure a Public Wireless connection, a Hotspot so to speak, for Staff and Guests to use for their personal devices such as iPhones if possible.  We currently have two Allied Telesis Switches and two Proxim Access Points that are patched to one of the two Switches, allowing Wireless through our Fiber Internet Connection. Our Windows 2003 Server is the DHCP for all connections.

I need to know, somewhat step by step, how I can set up a Public Wireless Access and keep the private Wireless Access for, say, our Laptops also, via the Switch using VLANs, I'm presuming.

I'm not sure how to go about this setup. We want the Public Wireless to NOT have any access to our Private Network Wired or Wireless of course.

Any steps or links to steps would be appreciated.

Thanks in Advance
IanTh

Does your wireless AP allow a Wi-Fi VLAN?

Craig Beck

If you want something simple look at Zyxel's N4100 Hotspot router.  It'll do exactly what you need as it has public and private ports.  It's really easy to set up.

CATHY-IT

ASKER

I'm not sure IanTh about that.. They are ProXim AP-700 V4.0.12 (1335) and I failed to mention our Router is a Sonicwall TZ-210 with security suite licenses.

I will google these Zyxel's....
I'm hoping I can Use the hardware I already have and am still not sure of the best way to go about this. We'd like the Wi-Fi to still go through our Sonicwall router as it has the Content Filtering and Gateway security.
I still do not know how to set up a VLAN using our Telesis AG-8000GS/24POE - that the two ProXim AP-700 access points are patched to, along with the additional AG-8000GS/48port Switch since 24port was not enough for all our Network needs.  Note.. all devices connect to the internet via our SonicWall TZ-210 Gateway Router. Our Server is a Windows Server 2003 at this time.

I want to create a Wireless hotspot that is for Public Use and thus not able to access our internal network. I get the idea in theory, but I do know exactly how to go about it.  I would still like Network users to be able to Use a Wireless connection to connect to our Server also. I was also hoping to be able to set up an additional Wired VLAN that would give me a Segment to Use for a Test lab in my office, that again has Internet access, but no access to our Main Network.

Perhaps I have this question posted in the wrong area.
You need to buy wireless routers designed for such a purpose.  You want to use the same SSID no matter where you are on the campus and have something with the intelligence so they can be programmed to recognize the MAC IDs of your employees and deal with logging in and granting access to services based on this additional layer. That way you can separate the employees from guests and you have two layers of authentication.

The consumer class routers have no security to speak of and you are just looking for trouble.

Check out arubanetworks.com.   They have a wide range of products that scale from exactly what you are looking for to solutions that handle college campuses.  I've used them to do a few schools that were pretty spread out and price is pretty fair.
So you are saying I can NOT create the VLANs and separate as I hope to using the Hardware that I have right now?   We are not a campus and I have no issue with having two SSIDs, as I figured we would have at least two: Corp and Guest.
What if I obtain another "third" Proxim access point and plug it directly into the back of our SonicWall TZ210 port two (X2) and thus assign its own Static IP of a different subnet than our Private Network and NOT bridged to our LAN and use this Wireless AP for Guest/Public Use?

Leaving the original two APs we have patched to our Switch physically as they are, can I set up NAC/Rules so that only Units that are, say, a "member of our Domain" and have Anti-Virus can have access to this Wireless? Plus they'd need the WPA2 Key.

Does this make any sense? I am trying to keep it simple..
Yes, as long as the SSID is unique.
OK... I think that's what I'll suggest to my Supervisor for the Public access Wi-Fi.. keeps it simple and isolated and I can shut it down easily enough if ever needed.

Forgive me if I'm babbling or sounding simple, but I like to talk things out so I'm sure I get the right picture, and then I need to know exactly what to configure so as to not disturb our network and of course keep it secure, whether wired or wireless.

Now in order to filter who can use the Corp (current) SSID, I'm wondering if perhaps it would be simplest to just add the MAC addresses for the Wireless NICs of our Corporate laptops and Blackberrys?  Which, if I understand correctly, means I would still need to create a VLAN within the Switch GUI to place those MACs I've added into the MAC-based ACL and map this VLAN to the ports on the Switch that the APs are plugged into?  Or would some other form of NAC/ACL work better?

My understanding being that Users will still need the WPA2 key but at least they couldn't use it on an unauthorized device, as we are also in the midst of creating a BYOD policy. This would force them to use the public Wi-Fi connection for all other devices if they want Internet access.
If you get the ZyXEL N4100 with the SP-300E Printer as recommended by craigbeck way back in http:#a38780482 (though he didn't mention the printer... the N4100 by itself is about $100 less), you can print out temporary credentials so you don't have to worry about unauthorized guests using your bandwidth for illegal purposes from, say, the parking lot.
Forgive me if I'm missing the point.... I was told that I have all the hardware I need to do all that I want to do, but I do not know How to do it.

The Idea to get another Access Point and plug it into Our TZ-210 Sonicwall Router for Guest Use was an afterthought only after "Dlethe" mentioned getting a Wireless Router - I was trying to figure out why I've been told twice to get Another Router.  The reason I'd prefer to place an AP onto my SonicWall instead of getting another Router is that we have the Full Security Suite on the Sonicwall that has Content Filtering along with Gateway Anti-virus and Spyware protect.  So I still do not understand why I'd need another Wireless Router; why wouldn't a simple AP with built-in DHCP work for the same purpose behind our Sonicwall Router?

I was planning on having a password on the Guest Wi-Fi to help prevent unauthorized Use of it and changing it periodically, from, like you said, the Parking Lot.

Assuming the above is doable as I thought.. my concern now is unauthorized Devices being on the Corp Wi-Fi connection using our Current APs and I believe I have the hardware I need to create Access Rules.. just don't know HOW to do it....
ASKER CERTIFIED SOLUTION
CATHY-IT
Thank you!