  • Status: Solved

Two Separate networks on one internet connection without a VLAN

I have a network that has a Point of Sale system, all hard wired, and we would like to install a Wi-Fi access point for testing products that come into the store. The ISP is Comcast (irrelevant), but we would like to keep them separate without having to go through a VLAN setup, so that if an infected device comes in and is tested on the Wi-Fi it will not infect the hard-wired network. Comcast has issues with VLANs; I have set a few up for a few clients and their router is always an issue. We are going to use an Aruba access point, which has security in it. I was looking for a cost-effective way to split the network. Thanks
Asked:
georgopanos
1 Solution
 
Sean Jackson Commented:
Why are you so averse to having separate VLANs? That would do exactly what you're looking for. Have the ISP signal come in to their box, then go to your own wireless router that also has wired ports. Configure that to have two networks, e.g. 10.10.x.x and 10.20.x.x. Use 10.10.x.x for either wireless or wired, and 10.20.x.x for the other. You can achieve what you're looking for pretty cheaply.

I would also recommend additional security in the form of a firewall between the ISP and the router, and maybe another one or two on the other side of the router (between it and the other connection points). I would use a server running some VMs and an instance of pfSense or something else that won't drive your budget up. I say this because it sounds like you're a small shop and likely don't have tens of thousands to throw at it.
 
georgopanos (Author) Commented:
I am not opposed to the VLAN setup. The reason is that I have set up 2 VLANs using Comcast as the ISP and their hardware with a Netgear switch, and it has been nothing but problems since the original setup. If something funny happens with the Comcast router and it's rebooted, the Netgear switch cannot get out to the internet and the switch needs rebooting. It has been a pain. That is why I was hoping for an alternate solution.
 
Fred Marshall Commented:
Here's a diagram that you might use for this purpose.
Wired or wireless makes no difference really......
Multiple-Subnets.pdf
 
schaps Commented:
If you haven't checked your Aruba documentation yet, most Aruba stuff supports creation of a "guest" wireless network in addition to the main wireless network(s), and the access point can block LAN access for the guest network.
Since this test network is just needed wirelessly, not wired, there is no need for VLANs anyway. The simple guest network functionality provided by much SOHO wireless equipment these days is all you need.
 
georgopanos (Author) Commented:
Well, will the Aruba guest network be able to block traffic to the wired network? That is what my worry is.
 
schaps Commented:
Without more details on what exact equipment you have, I can't say. However, I can say that the implied meaning of a "guest wireless network" is a wireless network which allows guests access to the Internet only, no access to anything on the main network, whether wired or wireless. You can often additionally restrict whether two devices on the Guest wireless network can even interact with each other.
 
Fred Marshall Commented:
What concerns me just a little is that you say "Aruba Access Point" and we don't know what that is more specifically.
Here's the situation:
- Some "access points" are just routers with a WAN and LAN set of connections.
- Other "Access Points" are not routers entirely and only connect to a single LAN.  There's no NAT and no WAN connection.

The diagram I sent you suggests using a router-type device to separate the individual LANs.
So, if the Aruba you have in mind has a WAN connection then you will be on the right path.
Did the diagram help?
 
schaps Commented:
Aruba makes mostly access points. I am assuming the OP has Comcast Business Class with a gateway/cable modem, since this appears to be a place of business.
 
georgopanos (Author) Commented:
The Aruba access point is using the Comcast router as its DHCP server. I agree that the Aruba should be able to handle control of preventing crossover to the wired network. I also spoke to the tech support from Aruba and they said that they think the same thing, but the tech guy said he would prefer the setup of a VLAN also. I have done training with Aruba and the security is really good in the access point, but I am trying to be as preventative as possible without setting up a VLAN and having problems with the Comcast router.
 
schaps Commented:
"...the tech guy said he would prefer the setup of a VLAN..."
I would agree, but that adds a lot of complexity if the access point could segment the traffic without needing VLANs. The Comcast Business Class cable gateways I've seen have basic routing and firewall capability, but don't do VLANs. If you're not sure whether the Aruba AP can do what you need, please share the model #, and we can look it up for you.
If it cannot, additional equipment will be needed, as has been mentioned. If you end up doing that, I'd go with a small business SonicWall, WatchGuard or similar to create the separate network.
 
georgopanos (Author) Commented:
Aruba AP 205
 
georgopanos (Author) Commented:
Spoke to Aruba TAC department and they said the same thing, that their guest network was made for security such as a VLAN!
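
An added example, not part of any post in this thread: a check to run from a laptop joined to the test Wi-Fi, to confirm the concern raised above that wireless clients cannot reach the wired POS network. The ranges reuse the thread's 10.10.x.x / 10.20.x.x illustration; the function names, hosts and ports are assumptions.

```python
import ipaddress
import socket


def tcp_reachable(host, port, timeout=1.0):
    """True if a TCP handshake to host:port completes from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route: all count as blocked
        return False


def audit_isolation(client_ip, wired_net, targets, timeout=1.0):
    """Run on a laptop joined to the test Wi-Fi; returns a list of findings.

    client_ip : address the laptop received over Wi-Fi
    wired_net : CIDR of the hard-wired POS network
    targets   : (host, port) pairs for services that exist on the wired side
    """
    findings = []
    # If the Wi-Fi client got an address inside the wired range, the AP is
    # bridging onto the POS LAN and only its own policy separates the two.
    if ipaddress.ip_address(client_ip) in ipaddress.ip_network(wired_net):
        findings.append(f"SHARED-SUBNET {client_ip} is inside {wired_net}")
    for host, port in targets:
        if tcp_reachable(host, port, timeout):
            findings.append(f"REACHABLE {host}:{port}")
    return findings


if __name__ == "__main__":
    # Constructed values (assumptions): the thread's example ranges, with
    # placeholder hosts and ports standing in for real POS services.
    report = audit_isolation(
        client_ip="10.20.0.57",
        wired_net="10.10.0.0/16",
        targets=[("10.10.0.10", 445), ("10.10.0.10", 3389), ("10.10.0.1", 443)],
    )
    print("\n".join(report) or "no path to the wired network found")
```

An empty result covers only the TCP services listed in `targets`; it says nothing about broadcast or other layer-2 traffic, so repeat it after any change to the AP or gateway configuration.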