Solved

Two Separate networks on one internet connection without a VLAN

Posted on 2014-12-28
Last Modified: 2015-01-15
I have a network that has a Point of Sale system, all hard wired, and we would like to install a WiFi access point for testing products that come into the store. The ISP is Comcast (irrelevant), but we would like to keep them separate without having to go through a VLAN setup, so that in the case that an infected device comes in and is tested on the WiFi, it will not infect the hard-wired network. Comcast has issues with VLANs; I have set a few up for a few clients and their router is always an issue. We are going to use an Aruba access point, which has security in it. I was looking for a cost-effective way to split the network. Thanks
Question by:georgopanos
12 Comments
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40520686
Why are you so averse to having separate VLANs? That would do exactly what you're looking for. Have the ISP signal come in to their box, then go to your own wireless router that also has wired ports. Configure that to have two networks, e.g. 10.10.x.x and 10.20.x.x. Use 10.10.x.x for either wireless or wired, and 10.20.x.x for the other. You can achieve what you're looking for pretty cheaply.

I would also recommend additional security in the form of a firewall between the ISP and the router, and maybe another one or two on the other side of the router (between it and the other connection points). I would use a server running some VMs and an instance of pfSense or something else that won't drive your budget up. I say this because it sounds like you're a small shop and likely don't have tens of thousands to throw at it.
0
 

Author Comment

by:georgopanos
ID: 40520688
I am not opposed to the VLAN setup. The reason is that I have set up 2 VLANs using Comcast as the ISP and their hardware with a Netgear switch, and it has been nothing but problems since the original setup. If something funny happens with the Comcast router and it's rebooted, the Netgear switch cannot get out to the internet and the switch needs rebooting. It has been a pain. That is why I was hoping for an alternate solution.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40520691
Here's a diagram that you might use for this purpose.
Wired or wireless makes no difference really......
Multiple-Subnets.pdf
0
 
LVL 10

Accepted Solution

by:
schaps earned 500 total points
ID: 40520722
If you haven't checked your Aruba documentation yet, most Aruba stuff supports creation of a "guest" wireless network in addition to the main wireless network(s), and the access point can block LAN access for the guest network.
Since this test network is just needed wirelessly, not wired, there is no need for VLANs anyway. The simple guest network functionality provided by much SOHO wireless equipment these days is all you need.
0
 

Author Comment

by:georgopanos
ID: 40520746
Well, will the Aruba guest network be able to block traffic to the wired network? That is what my worry is.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40520756
Without more details on what exact equipment you have, I can't say. However, I can say that the implied meaning of a "guest wireless network" is a wireless network which allows guests access to the Internet only, no access to anything on the main network, whether wired or wireless. You can often additionally restrict whether two devices on the Guest wireless network can even interact with each other.
0
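A way to verify the isolation described above from a test device joined to the guest SSID (added example, not part of the original thread and not Aruba tooling; the subnet, gateway address, port list and Internet test host are constructed placeholders to replace with real values):

```python
import ipaddress
import socket


def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back, so the packet got an answer
    except OSError:
        return "filtered"     # timeout or unreachable: nothing answered


def check_isolation(subnet, ports, allowed=(), probe_fn=probe):
    """Return (host, port, state) for every wired address that answered.

    'refused' counts as a leak too: a closed port that replies still shows
    the guest network can reach the wired side.
    """
    leaks = []
    for host in ipaddress.ip_network(subnet).hosts():
        if str(host) in allowed:
            continue          # e.g. the gateway the guest client must use
        for port in ports:
            state = probe_fn(str(host), port)
            if state != "filtered":
                leaks.append((str(host), port, state))
    return leaks


if __name__ == "__main__":
    # Constructed values: replace with the real wired range and gateway.
    WIRED = "192.168.50.0/29"
    GATEWAY = "192.168.50.1"
    found = check_isolation(WIRED, (22, 80, 443, 445, 3389), allowed={GATEWAY})
    internet = probe("example.com", 443, timeout=3.0)
    for host, port, state in found:
        print(f"LEAK  {host}:{port} answered ({state})")
    print("wired side reachable" if found else "no wired host answered")
    print(f"internet check: {internet}")
```

A firewall set to reject rather than drop can also answer with a reset, so a 'refused' result is something to check against the access point's rules before concluding the wired host itself replied.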
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40520930
What concerns me just a little is that you say "Aruba Access Point" and we don't know what that is more specifically.
Here's the situation:
- Some "access points" are just routers with a WAN and LAN set of connections.
- Other "Access Points" are not routers entirely and only connect to a single LAN.  There's no NAT and no WAN connection.

The diagram I sent you suggests using a router-type device to separate the individual LANs.
So, if the Aruba you have in mind has a WAN connection then you will be on the right path.
Did the diagram help?
0
 
LVL 10

Expert Comment

by:schaps
ID: 40520968
Aruba makes mostly access points. I am assuming the OP has Comcast Business Class with a gateway/cable modem, since this appears to be a place of business.
0
 

Author Comment

by:georgopanos
ID: 40528697
The Aruba access point is using the Comcast router as its DHCP server. I agree that the Aruba should be able to handle control of preventing crossover to the wired network. I also spoke to the tech support from Aruba and they said that they think the same thing, but the tech guy said he would prefer the setup of a VLAN also. I have done training with Aruba and the security is really good in the access point, but I am trying to be as preventative as possible without setting up a VLAN and having problems with the Comcast router.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40529825
"...the tech guy said he would prefer the setup of a VLAN..."
I would agree, but that adds a lot of complexity if the access point could segment the traffic without needing VLANs. The Comcast Business Class cable gateways I've seen have basic routing and firewall capability, but don't do VLANs. If you're not sure whether the Aruba AP can do what you need, please share the model #, and we can look it up for you.
If it cannot, additional equipment will be needed, as has been mentioned. If you end up doing that, I'd go with a small business Sonicwall, Watchguard or similar to create the separate network.
0
 

Author Comment

by:georgopanos
ID: 40530646
Aruba AP 205
0
 

Author Closing Comment

by:georgopanos
ID: 40551225
Spoke to the Aruba TAC department and they said the same thing, that their guest network was made for security such as a VLAN!
0
