Solved

Configuring Wireless Hotspot using two access points and Allied Telesis Switch

Posted on 2013-01-15
16
786 Views
Last Modified: 2013-11-12
Hi Experts

My Supervisor has asked that I make a plan to configure a Public Wireless connection, a Hotspot so to speak, for Staff and Guest to use for their personal devices such as iPhones if possible. We currently have two Allied Telesis Switches and two Proxim Access Points that are patched to one of the two Switches, allowing Wireless through our Fiber Internet Connection. Our Windows 2003 Server is the DHCP for all connections.

I need to know, in somewhat step by step, how I can set up a Public Wireless Access and keep the private Wireless Access for say our Laptops also, via the Switch using VLANs, I'm presuming.

I'm not sure how to go about this setup. We want the Public Wireless to NOT have any access to our Private Network Wired or Wireless of course.

Any steps or links to steps would be appreciated.

Thanks in Advance
0
Comment
Question by:CATHY-IT
16 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38779321
Does your wireless AP allow a Wi-Fi VLAN?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 38780482
If you want something simple look at Zyxel's N4100 Hotspot router.  It'll do exactly what you need as it has public and private ports.  It's really easy to set up.
0
 

Author Comment

by:CATHY-IT
ID: 38782471
I'm not sure IanTh about that.. They are ProXim AP-700 V4.0.12 (1335) and I failed to mention our Router is a Sonicwall TZ-210 with security suite licenses.

I will google these Zyxel's....
0
 

Author Comment

by:CATHY-IT
ID: 38835546
I'm hoping I can use the hardware I already have and am still not sure of the best way to go about this. We'd like the Wi-Fi to still go through our Sonicwall router as it has the Content Filtering and Gateway security.
0
 

Author Comment

by:CATHY-IT
ID: 38879961
I still do not know how to set up a VLAN using our Telesis AG-8000GS/24POE that the two ProXim AP-700 access points are patched to, along with the additional AG-8000GS/48port Switch, since 24 ports was not enough for all our Network needs. Note: all devices connect to the internet via our SonicWall TZ-210 Gateway Router. Our Server is a Windows Server 2003 at this time.

I want to create a Wireless hotspot that is Public Use and thus not able to access our internal network. I get the idea in theory, but I do know exactly how to go about it.  I would still like Network users to be able to Use a Wireless connection to connect to our Server also. I was also hoping to be able to setup an additional Wired VLAN that would give me a Segment to Use for a Test lab in my office, that again has Internet access, but no access to our Main Network.

Perhaps I have this question posted in the wrong area.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 38880432
You need to buy wireless routers designed for such a purpose.  You want to use the same SSID no matter where you are on the campus and have something with the intelligence so they can be programmed to recognize the MAC IDs of your employees and deal with logging in and granting access to services based on this additional layer. That way you can separate the employees from guests and you have two layers of authentication.

The consumer class routers have no security to speak of and you are just looking for trouble.

Check out arubanetworks.com.   They have a wide range of products that scale from exactly what you are looking for to solutions that handle college campuses.  I've used them to do a few schools that were pretty spread out and price is pretty fair.
0
 

Author Comment

by:CATHY-IT
ID: 38880616
So you are saying I can NOT create the VLANs and separate as I hope to using the Hardware that I have right now? We are not a campus and I have no issue with having two SSIDs, as I figured we would have at least two, Corp and Guest.
0

 

Author Comment

by:CATHY-IT
ID: 38880661
What if I obtain another "third" Proxim access point and plug it directly into the back of our SonicWall TZ210, port two (X2), and thus assign it its own Static IP on a different subnet than our Private Network, NOT bridged to our LAN, and use this Wireless AP for Guest/Public Use?

Leaving the original two APs we have patched to our Switch physically as they are, can I set up NAC/Rules so that only Units with, say, "member of our Domain" and Anti-Virus can have access to this Wireless? Plus they'd need the WPA2 Key.

Does this make any sense? I am trying to keep it simple.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 38880733
Yes, as long as the SSID is unique.
0
 

Author Comment

by:CATHY-IT
ID: 38881030
OK... I think that's what I'll suggest to my Supervisor for the Public access Wi-Fi. It keeps it simple and isolated and I can shut it down easily enough if ever needed.

Forgive me if I'm babbling or sounding simple, but I like to talk things out so I'm sure I get the right picture, and then I need to know exactly what to configure so as not to disturb our network and of course keep it secure, whether wired or wireless.

Now, in order to filter who can use the Corp (current) SSID, I'm wondering if perhaps it would be simplest to just add the MAC addresses for the Wireless NICs of our Corporate laptops and Blackberrys? If I understand correctly, I would still need to create a VLAN within the Switch GUI to place those MACs I've added into the MAC-based ACL and map this VLAN to the ports on the Switch that the APs are plugged into? Or would some other form of NAC/ACL work better?

My understanding is that Users will still need the WPA2 key, but at least they couldn't use it on an unauthorized device, as we are also in the midst of creating a BYOD policy. This would force them to use the public Wi-Fi connection for all other devices if they want Internet access.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 38882348
If you get the ZyXEL N4100 with the SP-300E Printer as recommended by craigbeck way back in http:#a38780482 (though he didn't mention the printer... the N4100 by itself is about $100 less), you can print out temporary credentials so you don't have to worry about unauthorized guests using your bandwidth for illegal purposes from, say, the parking lot.
0
 

Author Comment

by:CATHY-IT
ID: 38884475
Forgive me if I'm missing the point.... I was told that I have all the hardware I need to do all that I want to do, but I do not know How to do it.

The Idea to get another Access Point and plug it into our TZ-210 Sonicwall Router for Guest Use was an afterthought, only after "Dlethe" mentioned getting a Wireless Router. I was trying to figure out why it has been suggested twice that I get another Router. The reason I'd prefer to place an AP onto my SonicWall instead of getting another Router is that we have the Full Security Suite on the Sonicwall, which has Content Filtering along with Gateway Anti-virus and Spyware protection. So I still do not understand why I'd need another Wireless Router. Why wouldn't a simple AP with built-in DHCP work for the same purpose behind our Sonicwall Router?

 I was planning on having a password on the Guest Wifi to help prevent unauthorized Use of it and changing it periodically, from like you said the Parking Lot.

Assuming the above is doable as I thought, my concern now is unauthorized Devices being on the Corp Wi-Fi connection using our current APs, and I believe I have the hardware I need to create Access Rules. I just don't know HOW to do it.
0
 

Accepted Solution

by:
CATHY-IT earned 0 total points
ID: 38996135
I ended up consulting with an outside company and got some help on setting up VLANs. I was able to use the hardware I already have (no new Router needed) and add two additional APs to create the Public Wi-Fi I needed and still have a Corp Wi-Fi as well, the simpler route.

I ended up setting up an additional LAN using the X2 port on the back of the Sonicwall Router that was not in use; in my case none of the extra ports on our Sonicwall TZ210 were in use. I had to go to the Sonicwall and create a new Zone for this X2 Port and give it a name, and I set up a Static IP for it, along with enabling DHCP on this Zone only. I used the VLAN options in the Allied Telesis GUI to configure Ports on the switch that would be used by this X2 connection only, so that no traffic from these ports could see our Corp LAN on X1, VLAN 1.

I needed one port on the Switch to be essentially the gateway from the Allied Telesis Switch to the X2 Port on the SonicWall, then I set up a few more to be used by Hardware devices such as Desktops/Laptops patched to a certain wall port in our Office (My Test Lab). I also put two other ports into this VLAN that the two new Access Points plug into (Public Wi-Fi). Again, this will isolate them from our Corp Network, both wired and Wireless, since our other APs were on the default VLAN 1, and give this network its own IP subnet and DHCP service. Using Sonicwall's Zones options I was able to have it prompt for Users' Acceptance, and I put the Zones under our Content Filters, Gateway Anti-virus and Spyware protection, along with the Intrusion protection as well.

Thank you Experts for your efforts..
0
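
Added example, not part of the original thread: a Python check of a switch-port, VLAN and firewall-zone layout like the one described in the accepted solution, flagging anything that would let the guest/lab segment reach the corporate LAN. VLAN ID 20, the port numbers, role names, the GUEST zone name and both subnets are assumptions made for illustration.

```python
import ipaddress

# Constructed plan modelled on the accepted answer. VLAN 20, the port numbers,
# the role names and both subnets are assumptions, not values from the thread.
PLAN = {
    "vlans": {
        1:  {"zone": "LAN",   "fw_port": "X1", "subnet": "192.168.1.0/24"},
        20: {"zone": "GUEST", "fw_port": "X2", "subnet": "192.168.20.0/24"},
    },
    # switch port -> (untagged VLAN, role)
    "ports": {
        1: (1, "uplink"), 2: (1, "corp-ap"), 3: (1, "corp-ap"), 20: (20, "uplink"),
        21: (20, "guest-ap"), 22: (20, "guest-ap"), 23: (20, "lab"),
    },
    # firewall zone policy: (source zone, destination zone) -> action
    "zone_rules": {("GUEST", "LAN"): "deny", ("GUEST", "WAN"): "allow",
                   ("LAN", "WAN"): "allow"},
}

def audit(plan):
    """Return a list of findings; an empty list means guests stay isolated."""
    findings = []
    vlans, ports = plan["vlans"], plan["ports"]
    # 1. Each VLAN needs its own IP subnet, with no overlap between them.
    nets = {vid: ipaddress.ip_network(v["subnet"]) for vid, v in vlans.items()}
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"VLAN {a} and VLAN {b} subnets overlap")
    # 2. Each VLAN reaches the firewall through exactly one uplink port.
    for vid in ids:
        n = sum(1 for v, role in ports.values() if v == vid and role == "uplink")
        if n != 1:
            findings.append(f"VLAN {vid} has {n} uplink ports, expected 1")
    # 3. Guest AP and lab ports must never sit in a VLAN mapped to the LAN zone.
    for port, (vid, role) in sorted(ports.items()):
        if vid not in vlans:
            findings.append(f"port {port} uses undefined VLAN {vid}")
        elif role in ("guest-ap", "lab") and vlans[vid]["zone"] == "LAN":
            findings.append(f"port {port} ({role}) sits in corporate VLAN {vid}")
    # 4. Every non-LAN zone needs an explicit deny towards the LAN zone.
    for zone in sorted({v["zone"] for v in vlans.values()} - {"LAN"}):
        if plan["zone_rules"].get((zone, "LAN")) != "deny":
            findings.append(f"zone {zone} is not denied access to LAN")
    return findings

if __name__ == "__main__":
    print(audit(PLAN) or "plan keeps guest and lab ports off the corporate LAN")
```

Re-running the check after every switch or firewall change catches the common regression where a guest AP is re-patched into a default VLAN 1 port.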
 

Author Closing Comment

by:CATHY-IT
ID: 39013469
Thank you!
0
