Solved

Wireless Access Point DHCP to LAN Sharing LAN Resources

Posted on 2014-02-15
21
557 Views
Last Modified: 2014-03-06
Hello,

I have an office LAN (192.168.101.0), and I've been asked to add a wireless access point (Netgear).  I want to have the wireless access point use DHCP to each of the wireless clients resulting in another sub net (192.168.0.0).  My real question is what is the technique(s) or best practices for having these wireless clients being able to normally access the LAN (192.168.101.0) network (and Windows) resources, just as one of the normal LAN hosts would (i.e. a host at 192.168.101.20).  Resources such as printers, network shares, etc.  We do not use active directory, as we are just a Windows work group and we also use Linux Samba.

Thanks in advance...
0
Comment
Question by:racone
  • 10
  • 8
  • 2
  • +1
21 Comments
 
LVL 20

Expert Comment

by:CompProbSolv
ID: 39861795
You should be able to accomplish this by using a wireless router (not an access point) to do the DHCP for the wireless devices.  You would configure the WAN side of the wireless router to be on the same 192.168.101.0 subnet (e.g. 192.168.101.2) and the LAN side to be on the 192.168.0.0 subnet (e.g. 192.168.0.1).  Configure the wireless router to do DHCP (e.g. 192.168.0.100-192.168.0.199) and that should work.

Keep in mind that this will make it difficult for devices on the wired LAN to access devices on the wireless LAN, but that doesn't seem to be a problem with your description.
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39861930
Why do you want to use a different subnet for the wireless clients? The thoughts by CompProbSolv above are accurate and will work as described. To add, you will be double NATing the wireless users which might break some internet applications like VoIP or others that need to keep persistent connections.

Another thought would be to use a router that can do both the wired LAN and provide Wireless and then use routing tables in the device to eliminate the double NAT issue as well it would be an easier configuration to manage.
0
 
LVL 1

Author Comment

by:racone
ID: 39861990
Currently the WAP forwards directly into our LAN and our LAN DHCP provides normal LAN IP addresses.  That might be the best approach than a separate sub net as suggested.  Still debating.  Not sure I want to use precious LAN IP addresses here, but it would be easier to manage.
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39861992
How many users/devices do you have on the LAN?
0
 
LVL 1

Author Comment

by:racone
ID: 39862005
255.255.255.0 subnet - 150 IP's used...
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39862034
What router do you current use? Does it support multiple subnets or at least opening up the /24 subnet to say a /23 or other?
0
 
LVL 1

Author Comment

by:racone
ID: 39862078
Netgear WNAP320  Not sure about the subnets...
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39862595
Ok first thing - don't over-complicate it.  What would you want or need to add a different subnet for?  If you want to add a new AP there's no reason why you should need to add a new subnet unless you need to allow more clients to connect than your subnet allows.

Simply adding an AP is fine if you have an underlying network with services already running on it and adding a router just adds another layer of complexity, especially for services such as file-sharing which largely rely on broadcast traffic.
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39862791
Sorry, I meant to ask about your main router? The WNAP320 is an access point only.
0
 
LVL 1

Author Comment

by:racone
ID: 39862836
Cisco 300 series SG300-52 managed
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 11

Expert Comment

by:Technodweeb
ID: 39862845
OK, getting closer... The SG300-52 is a switch. The router is the device that gives out the IP addresses through DHCP. Or does your Linuz server hand out DHCP?
0
 
LVL 1

Author Comment

by:racone
ID: 39862929
Base LAN DHCP, Barracuda Link Balancer, static 5 IP address range.

Remote network connections, Barracuda SSL VPN, static 15 IP address range.

I would prefer just 1 DHCP server, but Barracuda SSL VPN would support currently (feature request).

Base LAN DHCP will need to be expanded for this new wireless initiative.  Probably to 10 IP addresses.

I can see the wireless thing expanding more in the future of course.  Maybe with another access point in another part of the building.
0
 
LVL 1

Author Comment

by:racone
ID: 39862934
I meant to say that the Barracuda SSL VPN requires it's own DHCP currently.  Barracuda has a feature request for this for the future.   I don't like having 2 DHCP servers, but I have to...
0
 
LVL 1

Author Comment

by:racone
ID: 39862937
I would prefer just 1 simple DHCP server, but oh well.  Maybe in the future...

We use a lot of static IP's.  We don't do a lot with DHCP...
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39863326
Oh my... As an admin, I would never want to manage that many devices in a static fashion. Nothing incorrect by doing it that way, just administratively a nightmare.

The VPN addresses are probably a different network than your LAN and the Barracuda handles the routing and translations, which is fine.

I think I understand why you were going in the direction you were going originally, with the wireless router. You may not have an option but to do it that way unless you completely redefine the network schema, which would not really be that hard, but would take some planning to execute properly.
0
 
LVL 1

Author Comment

by:racone
ID: 39863521
Agreed.  Future, probably setup a separate workstation/printer (and associated) VLAN with separate subnet with a bridge to the sub net we have now.  Will do that in the future as more devices are added.

Barracuda SSL VPN is supposed be updated to allow a back-end (single) DHCP, which would simplify.  In the mean time I'll just deal with this as is.

By the way, for future reference, what can you tell me about subnet bridging?  I know how to make a VLAN on the switch.  We can change all the devices (like Windows client hosts) to the new subnet.  Will you create each device with a default gateway to the existing LAN (or something like that)?  How do you config the managed switch to do that?  Thanks in advance for the future advice!  I will put all the Windows client hosts (Win 7 , etc.) and printers on the new subnet, and the existing subnet will have all the core servers, etc. (not to be disturbed too much (very important).  Your thoughts?
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39863586
Never tried any subnet bridging efforts. Not certain I could help you there. I am more apt to routing and segmenting my lans that way. VLan is good when you have multiple type of traffic sharing a backhaul or a pair of switches so the switch is more optimized to direct the traffic with less broadcast requests.
0
 
LVL 1

Author Comment

by:racone
ID: 39863608
Got it.  We have mission critical servers and networking equipment on this single subnet.  However, we're getting more (less important) workstations and printers on the subnet, and I fear running out of the 255 IP's there in the future,  We can't disrupt the current subnet (too many partners with MPLS connections, etc.. and we can't have any downtime).  Your suggestions for dealing with?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39863642
Just change the subnet mask and use a single subnet - all of the bridging and adding routers really is just overkill and unnecessary.

Your existing subnet is 192.168.101.0/24

So, just change that to 192.168.100.0/23

That will give you from 192.168.100.1 - 192.168.101.254

You'll be able to leave the same IP addresses on everything you have and just change the subnet mask from 255.255.255.0 to 255.255.254.0 and give workstations addresses in the 192.168.100.1 - 192.168.100.255 range, using the same subnet mask and gateway as the devices using 192.168.101.1 - 255 addresses.

It really doesn't have to be complicated.
0
 
LVL 11

Accepted Solution

by:
Technodweeb earned 500 total points
ID: 39863733
I agree. In fact I made that suggestion too before we got off on how your networking hardware was configured. I will urge you to un-complicate your current situation and re-engineer your network sooner rather than later. If you cannot afford down time, you should make your environment more friendly to administer and to locate your issues when they arise.
0
 
LVL 1

Author Closing Comment

by:racone
ID: 39911166
Thanks to all!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

This article is split into background info to start and actual review at bottom: Some time ago I wanted to sell a system with both wired and wireless capability but at minimum expense.  Having visited my trusted online auction I was pleasantly su…
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now