  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1415

Guest Wireless

I want to separate my corporate wireless network and my guest wireless network.

Rather than use the existing infrastructure, I will be connecting a wireless router/access point to the ISP's router.  The ISP will then ensure that the port this is connected to can only go straight out to the internet and be blocked from accessing any of the private address ranges.

As I want to use two or more wireless devices across two rooms, what would the best method and device be to do this?

My thoughts were to connect a managed switch and assign a currently unused VLAN, e.g. 66, to it, then attach a couple of wireless access points, putting them on the same VLAN.  The ISP will configure the default gateway on the router for that VLAN, which would then pass through the traffic as required.  My problem with this scenario is there is nothing to provide DHCP to the clients as they try to connect.

I have not yet purchased any equipment and am open to any ideas.

Thanks,
0
JAM-Tech
1 Solution
 
thelug Commented:
Why not get access points and configure them in Bridge mode?  That way, DHCP addresses can be handed out by the router?
0
 
JAM-Tech Author Commented:
Let me make sure I understand exactly what you mean.

Your suggestion is to connect a switch to the access point and with the previous configuration but use bridged mode on two access points that connect to the switch.

To configure DHCP for these access points I would get the ISP to configure their router as the DHCP server?

Is that about right?
0
 
thelug Commented:
Is the ISP router a wireless router as well?  If so, then it can be configured on the VLAN desired, and the other APs should be able to be configured in Bridge mode to hang off the ISP router.

If it's not wireless capable, then you could hardwire the first AP off the router, and then should be able to connect the other APs to that in bridge mode.

DHCP addresses would be served by the ISP router to all access points.

It's similar to how I have my home network set up.  I have my main ISP wireless router with some PCs hardwired to it and another wireless router on another floor in bridge mode.  DHCP from the ISP router hands out addresses to the bridge router on the same network segment.
0

 
Darr247 Commented:
> Rather than use the existing infrastructure I will be connecting a wireless router/access point to the ISPs router.
What would provide DHCP in that scenario, and why wouldn't that same DHCP server function through/across a VLAN?
0
 
JAM-Tech Author Commented:
In that situation the wireless router would provide DHCP so as to be separate from the corporate network.

The reason it wouldn't use the existing DHCP server is purely to separate it from the corporate network.
0
 
Darr247 Commented:
> In that situation the wireless router would provide dhcp so to be separate from the corporate network.
Why wouldn't that same wireless router pass DHCP through a VLAN?
And why would a VLAN even be needed?

Why not just use cat5e from the wireless router's LAN port[s] to the other APs?
0
 
JAM-Tech Author Commented:
I think the original request may not have been described correctly; let me try to get my meaning across.

I do not yet have any equipment for this project.  I am using an interface on the ISP-provided router to route traffic straight out to the internet; the ISP is setting up firewall rules through their managed firewall to block the traffic on this interface from getting access to our corporate traffic.

My question is what is the best way, using this interface on the ISP's router, to set up guest wireless.  This would include the type of equipment, topology and configuration, e.g. connecting a Linksys router to the ISP interface with two APs connected to Linksys switching ports, allowing the Linksys router to be the DHCP server.

Hope this makes more sense.
0
 
Darr247 Commented:
> My question is what is the best way using this interface on the ISPs router to setup guest wireless.

Well, it seems you have already decided on using a Linksys router for some reason.
Make its LAN IP a different subnet than your corporate LAN. I would even make it a different 'class' to make troubleshooting easier. e.g. if your corporate LAN is using 192.168.x.x, put the guest wireless on 10.x.x.x or 172.16-32.x.x, and vice-versa, but stick with a /24 (255.255.255.0) subnet mask.
Avoid using 192.168.0.x, 192.168.1.x or 192.168.2.x, as those are used as defaults by many consumer grade routers, and avoid 192.168.137.x as that's the subnet windows uses for Internet Connection Sharing.

For extra APs, I would recommend
EnGenius EAP600 - http://www.newegg.com/Product/Product.aspx?Item=N82E16833168107
and if you don't have AC power within 6 feet of their location, add a PoE Injector
EPE-5818GAF - http://www.newegg.com/Product/Product.aspx?Item=N82E16833999016

They sell a kit that combines those 2, but it appears to be $10 cheaper to buy them separately. Those support 802.1q tags if you decide to implement a VLAN.

An alternative, if you desire external/removable antennae, would be the
EnGenius ECB600 - http://www.newegg.com/Product/Product.aspx?Item=N82E16833168126
Those support PoE and VLAN tagging, as well.

If you haven't already bought the Linksys, I recommend the
EnGenius ESR750H - http://www.newegg.com/Product/Product.aspx?Item=N82E16833168096

I'd use a WPA2 passphrase unless the signal is not available outside the building.

The same SSID and WPA2 security can be used on each one, though I would put them on different non-overlapping channels (1, 6 or 11 on the 2.4GHz band).
That won't provide "seamless" roaming, but the connection should only drop for 15 seconds or so when they switch APs (surfing while walking isn't very safe in most work environments, anyway).

Other than that, what configuration issues were you not sure about?
0
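The subnet-selection criteria in the comment above (a /24 in a different private range from the corporate LAN, avoiding the common default subnets), written as a check. This is an added example, not code from any poster in the thread; the function names and the corporate subnet 192.168.10.0/24 are constructed for illustration, and the private ranges used are the RFC 1918 blocks.

```python
import ipaddress

# RFC 1918 private blocks. 172.16.0.0/12 spans 172.16.x.x through 172.31.x.x.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Subnets the post says to avoid: consumer-router defaults and Windows ICS.
AVOID = [ipaddress.IPv4Network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.137.0/24")]


def rfc1918_block(net):
    """Return the RFC 1918 block that contains net, or None if net is not private."""
    for block in RFC1918:
        if net.subnet_of(block):
            return block
    return None


def check_guest_subnet(guest, corporate):
    """Return a list of problems with a proposed guest subnet (empty means OK)."""
    try:
        g = ipaddress.IPv4Network(guest)  # strict: rejects host bits set
    except ValueError as exc:
        return [f"invalid guest subnet: {exc}"]
    problems = []
    g_block = rfc1918_block(g)
    if g_block is None:
        problems.append("not inside an RFC 1918 private range")
    if g.prefixlen != 24:
        problems.append("mask is not /24 (255.255.255.0)")
    for bad in AVOID:
        if g.overlaps(bad):
            problems.append(f"overlaps commonly used subnet {bad}")
    for c in corporate:
        c_net = ipaddress.IPv4Network(c, strict=False)
        if g.overlaps(c_net):
            problems.append(f"overlaps corporate subnet {c_net}")
        elif g_block is not None and rfc1918_block(c_net) == g_block:
            problems.append(f"same private block as corporate subnet {c_net}")
    return problems


if __name__ == "__main__":
    corporate = ["192.168.10.0/24"]  # constructed sample value
    for candidate in ("10.66.0.0/24", "192.168.1.0/24", "172.32.0.0/24"):
        print(candidate, check_guest_subnet(candidate, corporate) or "OK")
```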
 
JAM-Tech Author Commented:
The IP configuration will not be a problem; my main concern was what equipment I should use and how to provision DHCP in this scenario.

Linksys is by no means my preference, it's just something I've used before.  I will list the questions that I need to know below.

1. From the ISP's router, what devices are connected, e.g. ISP router -> EnGenius, EnGenius -> Wireless AP?
2. What device will provide DHCP with this configuration, EnGenius or ISP Router?
3. Would a managed switch be used between the three devices to carry the VLAN traffic?
0
 
Darr247 Commented:
What brand/model/version is the ISP router?
0
 
JAM-Tech Author Commented:
I have now had confirmation from the ISP that they cannot provide DHCP.

The ISP's router is a Juniper SRX210.

Thanks,
0
 
Darr247 Commented:
OK, then... to the questions in http:#a39235025 :

1) Juniper -> your 'guest' router -> AP[s]

2) your 'guest' router could supply DHCP.

3) I don't see why a separate managed switch would be required (actually, I don't see why a VLAN would be required, if the ISP is going to sequester the port connected to the 'guest' router from the rest of your LAN); the 'guest' router will essentially be a managed switch.
0
 
JAM-Tech Author Commented:
If I was to use the ESR750H what AP would you recommend connecting to it?  I see it has 4 Ethernet ports I could use for additional APs.
0
 
Darr247 Commented:
The EAP600 is no more obtrusive than a smoke detector.
Is there some drawback you're not telling us about that would prevent the use of that model?
0
 
JAM-Tech Author Commented:
No reason, just missed it.

So the final solution as discussed would be to connect the ESR750H router to the Juniper router and up to 4 EAP600 APs to the ESR750H.

In this configuration the ESR750H would provide DHCP while the Juniper works as the gateway.

How would the APs need to be configured?  Would they need to be bridged or are there any other considerations when connecting them?

Thanks,
0
 
Darr247 Commented:
> How would the APs need to be configured?

I would put them in Access Point mode, and for IP Settings -> IP Network Setting, select the Obtain an IP address automatically (DHCP) radio button.

On the router, set the WAN to use a Static IP, and set the LAN to use a subnet chosen using the criteria outlined in http:#a39234957 - I would set WPS to Disabled on both bands to prevent anyone that doesn't know the wireless passphrase from connecting by just pushing the WPS button.
0
 
JAM-Tech Author Commented:
Solution provided.
0
