• Status: Solved

Configuring Wireless Hotspot using two access points and Allied Telesis Switch

Hi Experts

My Supervisor has asked that I make a plan to configure a Public Wireless connection, a Hotspot so to speak, for Staff and Guest to use for their personal devices such as iPhones if possible.  We currently have two Allied Telesis Switches and two Proxim Access Points that are patched to one of the two Switches, allowing Wireless through our Fiber Internet Connection. Our Windows 2003 Server is the DHCP for all connections.

I need to know in somewhat step by step, how I can setup a Public Wireless Access and keep the private Wireless Access for say our Laptops also, via the Switch using VLANs, I'm presuming.

I'm not sure how to go about this setup. We want the Public Wireless to NOT have any access to our Private Network Wired or Wireless of course.

Any steps or links to steps would be appreciated.

Thanks in Advance
Asked by: CATHY-IT
1 Solution

IanTh Commented:
Does your wireless AP allow a Wi-Fi VLAN?

Craig Beck Commented:
If you want something simple look at Zyxel's N4100 Hotspot router.  It'll do exactly what you need as it has public and private ports.  It's really easy to set up.

CATHY-IT (Author) Commented:
I'm not sure IanTh about that.. They are ProXim AP-700 V4.0.12 (1335) and I failed to mention our Router is a Sonicwall TZ-210 with security suite licenses.

I will google these Zyxel's....

CATHY-IT (Author) Commented:
I'm hoping I can use the hardware I already have, and I'm still not sure of the best way to go about this. We'd like the Wi-Fi to still go through our Sonicwall router, as it has the Content Filtering and Gateway security.

CATHY-IT (Author) Commented:
I still do not know how to set up a VLAN using our Telesis AG-8000GS/24POE that the two ProXim AP-700 access points are patched to, along with the additional AG-8000GS/48port Switch, since 24 ports was not enough for all our Network needs.  Note: all devices connect to the internet via our SonicWall TZ-210 Gateway Router. Our Server is a Windows Server 2003 at this time.

I want to create a Wireless hotspot that is Public Use and thus not able to access our internal network. I get the idea in theory, but I do know exactly how to go about it.  I would still like Network users to be able to Use a Wireless connection to connect to our Server also. I was also hoping to be able to setup an additional Wired VLAN that would give me a Segment to Use for a Test lab in my office, that again has Internet access, but no access to our Main Network.

Perhaps I have this question posted in the wrong area.

David Commented:
You need to buy wireless routers designed for such a purpose.  You want to use the same SSID no matter where you are on the campus and have something with the intelligence so they can be programmed to recognize the MAC IDs of your employees and deal with logging in and granting access to services based on this additional layer. That way you can separate the employees from guests and you have two layers of authentication.

The consumer class routers have no security to speak of and you are just looking for trouble.

Check out arubanetworks.com.   They have a wide range of products that scale from exactly what you are looking for to solutions that handle college campuses.  I've used them to do a few schools that were pretty spread out and price is pretty fair.

CATHY-IT (Author) Commented:
So you are saying I can NOT create the VLANs and separate as I hope to using the Hardware that I have right now?   We are not a campus and I have no issue with having two SSIDs, as I figured we would have at least two, Corp and Guest.

CATHY-IT (Author) Commented:
What if I obtain another "third" Proxim access point and plug it directly into the back of our SonicWall TZ210 port two -X2  and thus assign its own Static IP of a different subnet than our Private Network and NOT bridged to our LAN and use this Wireless AP for Guest/Public Use?

Leaving the original two APs we have patched to our Switch physically as they are, but can I setup NAC/Rules that only Units with say " member of our Domain" and Anti-Virus can have access to this Wireless, plus they'd need the WPA2 Key

Does this make any sense? I am trying to keep it simple..

David Commented:
Yes, as long as the SSID is unique.

CATHY-IT (Author) Commented:
OK... I think that's what I'll suggest to my Supervisor for the Public access Wi-Fi.. keeps it simple and isolated and I can shutter down easily enough if ever needed.

Forgive me if I'm babbling or sounding simple, but I like to talk things out so I'm sure I get the right picture, and then I need to know exactly what to configure so as not to disturb our network and of course keep it secure, whether wired or wireless.

Now in order to filter who can use the Corp (current) SSID, I'm wondering if perhaps it would be simplest to just add the MAC addresses for the Wireless NICs of our Corporate laptops and Blackberrys?  Which, if I understand correctly, I would still need to create a VLAN within the Switch GUI to place those MACs I've added into the MAC-based ACL and map this VLAN to the ports on the Switch that the APs are plugged into?  Or would some other form of NAC/ACL work better?

My understanding being that Users will still need the WPA2 key but at least they couldn't use it on an unauthorized device, as we are also in the midst of creating a BYOD policy. This would force them to use the public Wi-Fi connection for all other devices if they want Internet access.

Darr247 Commented:
If you get the ZyXEL N4100 with the SP-300E Printer as recommended by craigbeck way back in http:#a38780482 (though he didn't mention the printer... the N4100 by itself is about $100 less), you can print out temporary credentials so you don't have to worry about unauthorized guests using your bandwidth for illegal purposes from, say, the parking lot.

CATHY-IT (Author) Commented:
Forgive me if I'm missing the point.... I was told that I have all the hardware I need to do all that I want to do, but I do not know How to do it.

The Idea to get another Access Point and plug into Our TZ-210 Sonicwall Router for Guest Use was an afterthought, only after "Dlethe" mentioned getting a Wireless Router - I was trying to figure out why I've been suggested twice to get Another Router.  The reason I'd prefer to place an AP onto my SonicWall instead of getting another Router is that we have the Full Security Suite on the Sonicwall that has Content Filtering along with Gateway Anti-virus and Spyware protection.  So I still do not understand why I'd need another Wireless Router; why wouldn't a simple AP with built-in DHCP work for the same purpose behind our Sonicwall Router?

 I was planning on having a password on the Guest Wifi to help prevent unauthorized Use of it and changing it periodically, from like you said the Parking Lot.

Assuming above is doable as I thought.. my concern now is unauthorized Devices being on the Corp Wi-Fi connection using our Current APs and I believe I have the hardware I need to create Access Rules.. just don't know HOW to do it....

CATHY-IT (Author) Commented:
I ended up consulting with an outside company and got some help on setting up VLANs. I was able to use the hardware I already have (no new Router needed) and add two additional APs to create the Public Wi-Fi I needed and still have a Corp Wi-Fi as well - the simpler route.

I ended up setting up an additional LAN using the X2 port on the back of the Sonicwall Router that is not in use; in my case none of the extra ports on our Sonicwall TZ210 were in use. I had to go to the Sonicwall and create a new Zone for this X2 Port and give it a name, and I set up a Static IP for it, along with enabling DHCP on this Zone only. I used the VLAN options on the Allied Telesis GUI to configure Ports on the switch that would be used by this X2 connection only, and no traffic from these ports could see our Corp LAN on X1 VLAN 1.

I needed one port on the Switch to be essentially the gateway from the Allied Telesis Switch to the X2 Port on the SonicWall, then I set up a few more to be used by Hardware devices such as Desktops/Laptops patched to a certain wall port in our Office (My Test Lab). I also put two other ports into this VLAN that the two new Access Points plug into (Public Wi-Fi); again this will isolate them from our Corp Network, both wired and Wireless, since our other APs were on the default VLAN 1, and give this network its own IP subnet and DHCP service. Using Sonicwall's Zones options I was able to have it prompt for User Acceptance, and I put the Zones under our Content Filters, Gateway Anti-virus and Spyware protection along with the Intrusion protection as well.

Thank you Experts for your efforts..
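The layout described in the post above (a separate port-based VLAN on the switch, uplinked to its own firewall zone on X2) can be sanity-checked on paper before anything is re-patched. The script below is an added example, not part of the original thread or any vendor tool: it audits a hand-typed inventory, and the port numbers, VLAN 20, the zone names GUEST/LAN/WAN and the rule table are all constructed assumptions.

```python
"""Offline audit of a guest/corp split (all values constructed for illustration)."""

CORP_ZONE = "LAN"
UNTRUSTED_ROLES = {"guest-ap", "test-lab"}

# Switch port -> (untagged VLAN, role). Port numbers and VLAN 20 are assumptions.
PORTS = {
    1: (1, "fw-x1"), 2: (1, "corp-ap"), 3: (1, "corp-ap"),
    10: (20, "fw-x2"), 11: (20, "guest-ap"), 12: (20, "guest-ap"),
    13: (20, "test-lab"),
}
# Firewall interface -> (zone, VLAN of the switch port it is patched to).
IFACES = {"X1": ("LAN", 1), "X2": ("GUEST", 20)}
# (source zone, destination zone) -> action, as typed in from the firewall.
RULES = {("GUEST", "WAN"): "allow", ("GUEST", "LAN"): "deny",
         ("LAN", "WAN"): "allow", ("LAN", "GUEST"): "deny"}


def audit(ports, ifaces, rules):
    """Return a list of findings; an empty list means the split holds."""
    vlan_zone = {vlan: zone for zone, vlan in ifaces.values()}
    findings = []
    untrusted_zones = set()
    for port, (vlan, role) in sorted(ports.items()):
        if role not in UNTRUSTED_ROLES:
            continue
        zone = vlan_zone.get(vlan)
        if zone is None:
            findings.append(f"port {port} ({role}): VLAN {vlan} reaches no firewall interface")
        elif zone == CORP_ZONE:
            findings.append(f"port {port} ({role}): shares VLAN {vlan} with the corp LAN")
        else:
            untrusted_zones.add(zone)
    for zone in sorted(untrusted_zones):
        # A missing rule is reported too, rather than trusting a default.
        action = rules.get((zone, CORP_ZONE), "missing")
        if action != "deny":
            findings.append(f"zone {zone} -> {CORP_ZONE}: rule is {action}, expected deny")
    return findings


if __name__ == "__main__":
    for line in audit(PORTS, IFACES, RULES) or ["no findings"]:
        print(line)
```

Re-running it after every patching or rule change catches the common slip of a guest AP left on the default VLAN 1.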

CATHY-IT (Author) Commented:
Thank you!