vanroybel
asked on
Creating a wifi access to internet with no access to files on the network
Hello,
I was asked to setup a wifi access for the clients who come in meetings with people of our company. But we don't want to give them access to the files on the network, only to internet. I know it's possible because there is so much wifi access everywhere, and we shouldn't have access to the files of these network (macdonalds, airports wifi, ...)
They shouldn't be able to access the files on the computers in our domain, but our NAS don't have windows security, it's linux in them so we have to give public access.
So I'd like some link on how to configure things like that. Do I have to buy some specific hardware? I'm pretty sure I could find that on google, but I have no idea how to ask the question.
I was asked to setup a wifi access for the clients who come in meetings with people of our company. But we don't want to give them access to the files on the network, only to internet. I know it's possible because there is so much wifi access everywhere, and we shouldn't have access to the files of these network (macdonalds, airports wifi, ...)
They shouldn't be able to access the files on the computers in our domain, but our NAS don't have windows security, it's linux in them so we have to give public access.
So I'd like some link on how to configure things like that. Do I have to buy some specific hardware? I'm pretty sure I could find that on google, but I have no idea how to ask the question.
ASKER
Thanks for the answer.
Ok, I'm trying to do that. How will the access point know where to look for internet if I set it up like that. I mean the access point won't be in the network with internet access.
Let's say my IP range is 10.0.5.x. I then create a new range 10.0.6.x and use it for the access point. Let's say my gateway is 10.0.5.7. Can I configure my access point to have the IP 10.0.6.1 and have a gateway and dns 10.0.5.7?
It seems that it doesn't accept this configuration.
Ok, I'm trying to do that. How will the access point know where to look for internet if I set it up like that. I mean the access point won't be in the network with internet access.
Let's say my IP range is 10.0.5.x. I then create a new range 10.0.6.x and use it for the access point. Let's say my gateway is 10.0.5.7. Can I configure my access point to have the IP 10.0.6.1 and have a gateway and dns 10.0.5.7?
It seems that it doesn't accept this configuration.
Hi,
if you buy professional AP like http://www.zyxel.com/products_services/nwa5120_series.shtml?t=p
they have integrated L2 isolation. You just simple turn it on and setup MAC addresses of device where user can connect all others will be blocked. On this device you can have up to 8-16 SSID networks with special configuration of security, filters and more. Iam using one network for public without password but specified VLAN for slow conection on internet and L2 isolation one VIP guest with password L2 isolatio but faster net and access to partner s storage. And 3 virtual network for employers with RADIUS protection so every emplayer have own password and I easy see him in logs.
if you buy professional AP like http://www.zyxel.com/products_services/nwa5120_series.shtml?t=p
they have integrated L2 isolation. You just simple turn it on and setup MAC addresses of device where user can connect all others will be blocked. On this device you can have up to 8-16 SSID networks with special configuration of security, filters and more. Iam using one network for public without password but specified VLAN for slow conection on internet and L2 isolation one VIP guest with password L2 isolatio but faster net and access to partner s storage. And 3 virtual network for employers with RADIUS protection so every emplayer have own password and I easy see him in logs.
No that will not work
Can you describe the topology
What provides the broadband
How is dhcp allocated
What router /switches /firewall
Do you have
Are any vlan capable ?
Can you describe the topology
What provides the broadband
How is dhcp allocated
What router /switches /firewall
Do you have
Are any vlan capable ?
ASKER
Ok,
We have a draytek router (vigor 2925), a SBS2003 server (this is the DHCP server), 2 basic switches.
We use a cisco WAP200 as the access point for the wifi. We only need one as this is a wifi access points for the client when they come for meetings.
It is possible for us to buy hardware for this, but I would like to use the least pricey means available.
We have a draytek router (vigor 2925), a SBS2003 server (this is the DHCP server), 2 basic switches.
We use a cisco WAP200 as the access point for the wifi. We only need one as this is a wifi access points for the client when they come for meetings.
It is possible for us to buy hardware for this, but I would like to use the least pricey means available.
Ok that makes sense
Are you saying the CiscoWap is presently providing wifi inside the network (if some will it still be required to do so)
ie you want some users to have full network access and some to have guest only access?
Or will it be for guest access only ?
Are you saying the CiscoWap is presently providing wifi inside the network (if some will it still be required to do so)
ie you want some users to have full network access and some to have guest only access?
Or will it be for guest access only ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well thanks for that.
It seems the configuration I have at the moment will be sufficient. I only have to understand how to configure these vlan.
I'll search for a tutorial because I have no idea how to do that.
But you answered my question, and now I know what to google, and I have an idea of what to do.
Thanks for your help
It seems the configuration I have at the moment will be sufficient. I only have to understand how to configure these vlan.
I'll search for a tutorial because I have no idea how to do that.
But you answered my question, and now I know what to google, and I have an idea of what to do.
Thanks for your help
Sorry it is a little vague
If it was Sonicwall I can give chapter and verse
If you do need more specifics
raise another post here and I will pick it up
( Good luck with Sage Btw)
If it was Sonicwall I can give chapter and verse
If you do need more specifics
raise another post here and I will pick it up
( Good luck with Sage Btw)
Simply install an access point
With a completely different ip range from your current network
Turn dhcp on
Set it to issue a guest ssid and secure it with a password
The precise requirement will depend on the topology of your network
Broadband firewall what provides dhcp
And also the physical area you wish to provide cover for (a single room or the whole building - in which case you may need more than one device