Wireless - making a virtual network for guests.

Posted on 2013-10-02
Medium Priority
Last Modified: 2013-10-20
Ive to go to an office tomorrow and I dont know if they have their own router or not.

Small office that has occasional visitors that need wireless access.
Dont want to get a second internet bill for another BB account and router if you know what I mean .

Small windows workgroup setup.

Easiest way?  

If ADSL > I can get a router that has a "virtual" guest wireless network?
If its not I can get a router that has a "virtual" guest wireless network?
Question by:fcek
  • 4
  • 3
LVL 27

Accepted Solution

Fred Marshall earned 1500 total points
ID: 39540811
I would just bring a wireless router with me and connect it to their internet router or LAN switch.  Assuming DHCP is running on the network, set it up for DHCP.  Set the LAN subnet for something different.

So, if their network is then set yours for or something like that.

Take a look at the attached diagrams.

Assisted Solution

by:Esteban Blanco
Esteban Blanco earned 500 total points
ID: 39540818
Cisco makes cheap wireless routers where they come with a guest access that you can enable and the users will be prompted to enter a password when opening their Internet browser on their device.

For small business that is what I have done and it has worked for me.  FMARSHALL is 100% right.  Set it up for DHCP if allowed.

Author Comment

ID: 39541806
fmarshall > thats brilliant.  

So the only connection to each router is via the WAN port and they are all on diff subnets.

So once the * changes the clients on each subnet cant see each other.  Like so.  
I can ping to test.

Alt get a router that has guest access.
These routers with guest access, even if password needed are not allowed to see other clients on the network I presume.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

LVL 27

Assisted Solution

by:Fred Marshall
Fred Marshall earned 1500 total points
ID: 39541836
On Page 1, the clients at the bottom can see "upward".  So they should be able to see the clients at the "higher level" subnets.  But not vice versa.  At least that's my experience with commodity routers like WRT54G, etc.

On Page 2, the clients on the "branches" at the bottom can't see across to the other branch.  But they can see up to the next level subnet (and not vice versa).
So, this might be a reason, if you want isolation, to connect at the highest level in the network possible.  Often there's only one level anyway.

Multiple levels complicate things like port forwarding but it doesn't sound like you care about that.

Author Comment

ID: 39541852
So the tops of the branches can see whats below?
If I cant ping the cleints on diff subnets they cant see each other right?
LVL 27

Assisted Solution

by:Fred Marshall
Fred Marshall earned 1500 total points
ID: 39541930
No, the other way around.  The top level subnets can't see down into the lower subnets without routes added.

PING is a good test as long as you're pinging a device that's set up to respond to PING/ICMP

Author Comment

ID: 39541943

This is probably the way its set up .... .

Modem + router 1 combo
Router 2 - i add

Which should I add my "risky" guests to?
LVL 27

Expert Comment

by:Fred Marshall
ID: 39548763
Either to an upper-level subnet or in a parallel subnet...

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question