  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 188

How to segment all wireless traffic

We have a wireless access point that is in our network and is dishing out 192.0.0.0 addresses to any wireless device attached to it. The only issue is that one can access our 10.0.0.0 domain network.
We want all traffic that rides on the wireless to be for internet access only.

What do we have to do? Do we have to do NATing of some sort to make sure that nothing on the 10.0.0.0 scheme is accessible?
0
Asked by: Robert Mohr
1 Solution
 
DMTechGrooup Commented:
It all depends on how you have it connected. If you have a smart switch you could use VLANs. If it is connected to a firewall as the default gateway and the firewall is high end enough, you could deny a route from one subnet to the other. Or you could use a switch and split the internet before it goes into the firewall and have two separate networks.

Would need more information on how you have the entire thing connected.  Equipment, etc.
0
 
Robert Mohr (Author) Commented:
My wireless device connects to Port 2 on the switch.
Could I create a VLAN on Port 2 only and then in the wireless device point to that VLAN?

If this is the right way to do it, then I would need to know how to create this VLAN within the switch.
0
 
Robert Mohr (Author) Commented:
Any thoughts on how to create a VLAN on a SMC6750L2 TigerSwitch using the web interface on a single port during production hours?  I think if I can accomplish this then the wireless access point will be simple.
0
 
DMTechGrooup Commented:
What type of firewall are you using? Make/model?
0
 
Robert Mohr (Author) Commented:
Why do you need the firewall?
Shouldn't the switch and wireless be the only things that need to be configured?
0
 
DMTechGrooup Commented:
Something has to do your routing.
0
 
Robert Mohr (Author) Commented:
Cisco 2900
0
 
DMTechGrooup Commented:
I haven't worked with your switches for this. If it were me I would use the router and create an access list to deny subnet b access to subnet a type thing.
0
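The access-list approach suggested above depends on rule order: the deny from the wireless subnet to the domain network must come before the broad permit that gives wireless clients internet access. The following is an added example, not code from this thread; it models first-match evaluation with an implicit deny at the end, and the /24 and /8 prefixes are assumptions because the thread gives only "192.0.0.0" and "10.0.0.0".

```python
import ipaddress

# Assumed prefixes: the thread gives only "192.0.0.0" and "10.0.0.0", no masks.
WIFI = ipaddress.ip_network("192.0.0.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are (action, source network, destination network), evaluated top-down.
GOOD_ACL = [
    ("deny", WIFI, INTERNAL),  # wireless may not reach the domain network
    ("permit", WIFI, ANY),     # everything else from wireless (internet) is allowed
]
# Same rules in the wrong order: the broad permit shadows the deny.
BAD_ACL = [GOOD_ACL[1], GOOD_ACL[0]]


def evaluate(acl, src, dst):
    """Return the action of the first matching rule; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny at the end of the list


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                hits.append(i)
                break
    return hits


# Constructed sample flows: (source, destination)
FLOWS = [
    ("192.0.0.50", "10.0.0.10"),     # wireless client -> domain server
    ("192.0.0.50", "203.0.113.10"),  # wireless client -> internet host (documentation range)
    ("172.16.5.5", "10.0.0.10"),     # unknown source falls through to the implicit deny
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: good={evaluate(GOOD_ACL, src, dst)} bad={evaluate(BAD_ACL, src, dst)}")
    print("shadowed rules in BAD_ACL:", shadowed_rules(BAD_ACL))
```

Running the same flows against the rule list actually applied on the router or firewall, before and after a change, shows whether wireless clients can still reach the 10.0.0.0 network.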
 
Robert Mohr (Author) Commented:
OK. Thank you.
0
 
Dr. Klahn (Principal Software Engineer) Commented:
Build a DMZ.  Put the WAP in the DMZ.  Then put a second firewall in the DMZ, and run the 10.0 network behind the second firewall.  The WAP then cannot get through the second firewall into the 10.0 network.

If the installation in question is not large, the second firewall can be a consumer-grade product without wireless capability.  Or a wireless firewall with the WiFi turned off.

Schematically:  Internet modem connects to firewall 1.  Firewall 1 serves WAP and firewall 2.  Firewall 2 serves the 10.0 network.  The WAP is on the inside of firewall 1 and can get to the internet, but on the outside of firewall 2 and so cannot get to the 10.0 network.

Cost, around $30 if you use a consumer-grade firewall.
0
 
Robert Mohr (Author) Commented:
We ended up creating a completely different subnet altogether on one available interface and as long as the WAN had that gateway associated it didn't matter what IP the devices had on the wifi LAN side. It works great and all traffic is segregated.
0
 
Robert Mohr (Author) Commented:
We went a different route.
0