Creating a wifi access to internet with no access to files on the network


I was asked to setup a wifi access for the clients who come in meetings with people of our company. But we don't want  to give them access to the files on the network, only to internet. I know it's possible because there is so much wifi access everywhere, and we shouldn't have access to the files of these network (macdonalds, airports wifi, ...)
They shouldn't be able to access the files on the computers in our domain, but our NAS don't have windows security, it's linux in them so we have to give public access.
So I'd like some link on how to configure things like that. Do I have to buy some specific hardware? I'm pretty sure I could find that on google, but I have no idea how to ask the question.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cpmcomputersManaging DirectorCommented:
The basic principle is easy

Simply install an access point
With a completely different ip range from your current network

Turn dhcp on
Set it to issue a guest ssid and secure it with a password

The precise requirement will depend on the topology of your network
Broadband firewall what provides dhcp

And also the physical area you wish to provide cover for (a single room or the whole building - in which case you may need more than one device
vanroybelAuthor Commented:
Thanks for the answer.

Ok, I'm trying to do that. How will the access point know where to look for internet if I set it up like that. I mean the access point won't be in the network with internet access.

Let's say my IP range is 10.0.5.x. I then create a new range 10.0.6.x and use it for the access point. Let's say my gateway is Can I configure my access point to have the IP and have a gateway and dns
It seems that it doesn't accept this configuration.
Jaroslav MrazCTOCommented:

if you buy professional AP like

they have integrated L2 isolation. You just simple turn it on and setup MAC addresses of device where user can connect all others will be blocked. On this device you can have up to 8-16 SSID networks with special configuration of security, filters and more. Iam using one network for public without password but specified VLAN for slow conection on internet and L2 isolation one VIP guest with password L2 isolatio but faster net and access to partner s storage. And 3 virtual network for employers with RADIUS protection so every emplayer have own password and I easy see him in logs.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

cpmcomputersManaging DirectorCommented:
No that will not work
Can you describe the topology
What provides the broadband
How is dhcp allocated
What router /switches /firewall
Do you have
Are any vlan capable ?
vanroybelAuthor Commented:

We have a draytek router (vigor 2925), a SBS2003 server (this is the DHCP server), 2 basic switches.
We use a cisco WAP200 as the access point for the wifi. We only need one as this is a wifi access points for the client when they come for meetings.
It is possible for us to buy hardware for this, but I would like to use the least pricey means available.
cpmcomputersManaging DirectorCommented:
Ok that makes sense

Are you saying the CiscoWap is presently providing wifi inside the network (if some will it still be required to do so)
ie you want some users to have full network access and some to have guest only access?

Or will it be for guest access only ?
cpmcomputersManaging DirectorCommented:
Seems your cisco WAP200 is Vlan capable as is the Vigour 2925

If the Vigour is in close proximity to where your guests are
You can simply set up a wifi vlan on that device as this has that capability.
Would need to consult the manual sorry I tend to use sonicwall

If you do ned to use the WAP then

See this link which illustrates what you would need to set up

What you would need to do is setup a guest Vlan on each device
the vigour would them handle the routing through to the  internet

turning off the ability for interlan traffic would protect your internal network

Hope this helps

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vanroybelAuthor Commented:
Well thanks for that.
It seems the configuration I have at the moment will be sufficient. I only have to understand how to configure these vlan.
I'll search for a tutorial because I have no idea how to do that.
But you answered my question, and now I know what to google, and I have an idea of what to do.

Thanks for your help
cpmcomputersManaging DirectorCommented:
Sorry it is a little vague
If it was Sonicwall I can give chapter and verse

If you do need more specifics
raise another post here and I will pick it up

( Good luck with Sage Btw)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.