Solved

Two Separate networks on one internet connection without a VLAN

Posted on 2014-12-28
Last Modified: 2015-01-15
I have a network that has a Point of Sale system, all hard wired, and we would like to install a WiFi access point for testing products that come into the store. The ISP is Comcast (irrelevant), but we would like to keep them separate without having to go through a VLAN setup, so that in the case that an infected device comes in and is tested on the WiFi it will not infect the hard wired network. Comcast has issues with VLANs; I have set a few up for a few clients and their router is always an issue. We are going to use an Aruba access point, which has security in it. I was looking for a cost effective way to split the network. Thanks
Question by:georgopanos
12 Comments
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40520686
Why are you so averse to having separate VLANs? That would do exactly what you're looking for. Have the ISP signal come in to their box, then go to your own wireless router that also has wired ports. Configure that to have two networks, ex: 10.10.x.x and 10.20.x.x. Use 10.10.x.x for either wireless or wired, and 10.20.x.x for the other. You can achieve what you're looking for for pretty cheap.

I would also recommend additional security in the form of a firewall between the ISP and the router, and maybe another one or two on the other side of the router (between it and the other connection points). I would use a server running some VMs and an instance of pfSense or something else that won't drive your budget up. I say this because it sounds like you're a small shop and likely don't have tens of thousands to throw at it.
0
 

Author Comment

by:georgopanos
ID: 40520688
I am not opposed to the VLAN setup. The reason is that I have set up 2 VLANs using Comcast as the ISP and their hardware with a Netgear switch, and it has been nothing but problems since the original setup. If something funny happens with the Comcast router and it's rebooted, the Netgear switch cannot get out to the internet and the switch needs rebooting. It has been a pain. That is why I was hoping for an alternate solution.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40520691
Here's a diagram that you might use for this purpose.
Wired or wireless makes no difference really......
Multiple-Subnets.pdf
0

 
LVL 10

Accepted Solution

by:
schaps earned 500 total points
ID: 40520722
If you haven't checked your Aruba documentation yet, most Aruba stuff supports creation of a "guest" wireless network in addition to the main wireless network(s), and the access point can block LAN access for the guest network.
Since this test network is just needed wirelessly, not wired, there is no need for VLANs anyway. The simple guest network functionality provided by much SOHO wireless equipment these days is all you need.
0
 

Author Comment

by:georgopanos
ID: 40520746
Well, will the Aruba guest network be able to block traffic to the wired network? That is what my worry is.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40520756
Without more details on what exact equipment you have, I can't say. However, I can say that the implied meaning of a "guest wireless network" is a wireless network which allows guests access to the Internet only, no access to anything on the main network, whether wired or wireless. You can often additionally restrict whether two devices on the Guest wireless network can even interact with each other.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40520930
What concerns me just a little is that you say "Aruba Access Point" and we don't know what that is more specifically.
Here's the situation:
- Some "access points" are just routers with a WAN and LAN set of connections.
- Other "Access Points" are not routers entirely and only connect to a single LAN.  There's no NAT and no WAN connection.

The diagram I sent you suggests using a router-type device to separate the individual LANs.
So, if the Aruba you have in mind has a WAN connection then you will be on the right path.
Did the diagram help?
0
 
LVL 10

Expert Comment

by:schaps
ID: 40520968
Aruba makes mostly access points. I am assuming the OP has Comcast Business Class with a gateway/cable modem, since this appears to be a place of business.
0
 

Author Comment

by:georgopanos
ID: 40528697
The Aruba access point is using the Comcast router as its DHCP server. I agree that the Aruba should be able to handle control of preventing crossover to the wired network. I also spoke to the tech support from Aruba and they said that they think the same thing, but the tech guy said he would prefer the setup of a VLAN also. I have done training with Aruba and the security is really good in the access point, but I am trying to be as preventative as possible without setting up a VLAN and having problems with the Comcast router.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40529825
"...the tech guy said he would prefer the setup of a VLAN..."
I would agree, but that adds a lot of complexity if the access point could segment the traffic without needing VLANs. The Comcast Business Class cable gateways I've seen have basic routing and firewall capability, but don't do VLANs. If you're not sure whether the Aruba AP can do what you need, please share the model #, and we can look it up for you.
If it cannot, additional equipment will be needed, as has been mentioned. If you end up doing that, I'd go with a small business Sonicwall, Watchguard or similar to create the separate network.
0
 

Author Comment

by:georgopanos
ID: 40530646
Aruba AP 205
0
 

Author Closing Comment

by:georgopanos
ID: 40551225
Spoke to the Aruba TAC department and they said the same thing, that their guest network was made for security such as a VLAN!
0
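
One way to confirm that the guest SSID really blocks the wired network, which is the worry raised in the thread (an added example, not part of the original thread and not Aruba tooling): run this from a laptop joined to the guest network. The POS addresses and the port list are placeholders to replace with your own inventory.

```python
import socket

# Placeholder values (assumptions): addresses of the wired POS machines and
# the TCP ports they are known to listen on. Replace with your own inventory.
POS_HOSTS = ["10.10.0.10", "10.10.0.11"]
PORTS = [80, 443, 445, 3389]


def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt made from the guest side."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: guest can reach the wired LAN
    except ConnectionRefusedError:
        # Something answered with a reset. Either the wired host itself or a
        # firewall "reject" rule; both deserve a look at the AP policy.
        return "refused"
    except OSError:
        return "filtered"      # timeout or unreachable: consistent with isolation


def check_isolation(hosts, ports, timeout=1.0, probe_fn=probe):
    """Return (host, port, state) for every probe that received an answer."""
    findings = []
    for host in hosts:
        for port in ports:
            state = probe_fn(host, port, timeout)
            if state != "filtered":
                findings.append((host, port, state))
    return findings


if __name__ == "__main__":
    findings = check_isolation(POS_HOSTS, PORTS)
    for host, port, state in findings:
        print(f"NOT ISOLATED: {host}:{port} -> {state}")
    if not findings:
        print("No answers from the wired LAN; guest isolation appears to hold.")
    raise SystemExit(1 if findings else 0)
```

Run it once from the wired side as a control: the same hosts should report "open" there, otherwise a "filtered" result on the guest side only shows that the machines were off.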


Question has a verified solution.
