Solved

Two Separate networks on one internet connection without a VLAN

Posted on 2014-12-28
Last Modified: 2015-01-15
I have a network that has a Point of Sale system, all hard-wired, and we would like to install a Wi-Fi access point for testing products that come into the store. The ISP is Comcast (irrelevant), but we would like to keep them separate without having to go through a VLAN setup, so that in the case that an infected device comes in and is tested on the Wi-Fi, it will not infect the hard-wired network. Comcast has issues with VLANs; I have set a few up for a few clients and their router is always an issue. We are going to use an Aruba access point, which has security in it. I was looking for a cost-effective way to split the network. Thanks
0
Question by:georgopanos
12 Comments
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40520686
Why are you so averse to having separate VLANs? That would do exactly what you're looking for. Have the ISP signal come in to their box, then go to your own wireless router that also has wired ports. Configure that to have two networks, ex: 10.10.x.x and 10.20.x.x.  Use 10.10.x.x for either wireless or wired, and 10.20.x.x for the other.  You can achieve what you're looking for for pretty cheap.

I would also recommend additional security in the form of a firewall between the ISP and the router, and maybe another one or two on the other side of the router (between it and the other connection points). I would use a server running some VMs and an instance of PFSense or something else that won't drive your budget up.  I say this because it sounds like you're a small shop and likely don't have tens of thousands to throw at it.
0
 

Author Comment

by:georgopanos
ID: 40520688
I am not opposed to the VLAN setup. The reason is that I have set up 2 VLANs using Comcast as the ISP and their hardware with a Netgear switch, and it has been nothing but problems since the original setup. If something funny happens with the Comcast router and it's rebooted, the Netgear switch cannot get out to the internet and the switch needs rebooting. It has been a pain. That is why I was hoping for an alternate solution.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40520691
Here's a diagram that you might use for this purpose.
Wired or wireless makes no difference really......
Multiple-Subnets.pdf
0
LVL 10

Accepted Solution

by:
schaps earned 500 total points
ID: 40520722
If you haven't checked your Aruba documentation yet, most Aruba stuff supports creation of a "guest" wireless network in addition to the main wireless network(s), and the access point can block LAN access for the guest network.
Since this test network is just needed wirelessly, not wired, there is no need for VLANs anyway. The simple guest network functionality provided by many SOHO wireless equipment these days is all you need.
0
 

Author Comment

by:georgopanos
ID: 40520746
Well, will the Aruba guest network be able to block traffic to the wired network? That is what my worry is.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40520756
Without more details on what exact equipment you have, I can't say. However, I can say that the implied meaning of a "guest wireless network" is a wireless network which allows guests access to the Internet only, no access to anything on the main network, whether wired or wireless. You can often additionally restrict whether two devices on the Guest wireless network can even interact with each other.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40520930
What concerns me just a little is that you say "Aruba Access Point" and we don't know what that is more specifically.
Here's the situation:
- Some "access points" are just routers with a WAN and LAN set of connections.
- Other "Access Points" are not routers entirely and only connect to a single LAN.  There's no NAT and no WAN connection.

The diagram I sent you suggests using a router-type device to separate the individual LANs.
So, if the Aruba you have in mind has a WAN connection then you will be on the right path.
Did the diagram help?
0
 
LVL 10

Expert Comment

by:schaps
ID: 40520968
Aruba makes mostly access points. I am assuming the OP has Comcast Business Class with a gateway/cable modem, since this appears to be a place of business.
0
 

Author Comment

by:georgopanos
ID: 40528697
The Aruba access point is using the Comcast router as its DHCP server. I agree that the Aruba should be able to handle control of preventing crossover to the wired network. I also spoke to the tech support from Aruba and they said that they think the same thing, but the tech guy said he would prefer the setup of a VLAN also. I have done training with Aruba and the security is really good in the access point, but I am trying to be as preventative as possible without setting up a VLAN and having problems with the Comcast router.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40529825
"...the tech guy said he would prefer the setup of a VLAN..."
I would agree, but that adds a lot of complexity if the access point could segment the traffic without needing VLANs. The Comcast Business Class cable gateways I've seen have basic routing and firewall capability, but don't do VLANs. If you're not sure whether the Aruba AP can do what you need, please share the model #, and we can look it up for you.
If it cannot, additional equipment will be needed, as has been mentioned. If you end up doing that, I'd go with a small business Sonicwall, Watchguard or similar to create the separate network.
0
 

Author Comment

by:georgopanos
ID: 40530646
Aruba AP 205
0
 

Author Closing Comment

by:georgopanos
ID: 40551225
Spoke to the Aruba TAC department and they said the same thing: that their guest network was made for security such as a VLAN!
0
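
The question the thread keeps returning to, whether the guest wireless network really blocks traffic to the wired network, can be checked from a client rather than taken on trust. The following is an added example, not part of the original thread and not Aruba or Comcast tooling; the subnet, ports and outside host are assumptions to replace with your own.

```python
import ipaddress
import socket

# Assumed values (not from the thread): replace with the real wired POS range.
POS_SUBNET = "10.10.0.0/28"             # hypothetical wired POS addresses
POS_PORTS = (22, 80, 443, 445, 3389)    # services commonly open on store PCs
INTERNET_CHECK = ("example.com", 443)   # any outside host you may connect to


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def leaks_into(subnet, ports, probe=tcp_open):
    """List every (host, port) in `subnet` that the probe can reach."""
    net = ipaddress.ip_network(subnet)
    return [(str(h), p) for h in net.hosts() for p in ports if probe(str(h), p)]


def verdict(leaks, internet_ok):
    """Guest isolation holds only if nothing on the wired LAN answered."""
    if leaks:
        return "FAIL: guest client reached wired LAN: %s" % leaks
    if not internet_ok:
        return "INCONCLUSIVE: no internet either; is the client associated?"
    return "PASS: internet reachable, wired LAN not reachable"


if __name__ == "__main__":
    # Baseline: run once from a wired PC first. It should list open ports;
    # if it lists none there, an empty result on the guest SSID proves nothing.
    leaks = leaks_into(POS_SUBNET, POS_PORTS)
    print(verdict(leaks, tcp_open(*INTERNET_CHECK)))
```

Run it again after any AP firmware update or Comcast gateway replacement, since either can silently change how guest traffic is handled.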

Question has a verified solution.
