Link to home
Start Free TrialLog in
Avatar of LockDown32
LockDown32Flag for United States of America

asked on

Guest Wireless in a Business Environment

I have a customer who has a small Server 2012 network. 8 workstations and one wireless AP (for computers on his domain). Their internet is Cable. Comes in to a SonicWall TZ100.

   What is the most cost effective way to have a second AP for "Guests" that would not let anyone using it be on his main network?
ASKER CERTIFIED SOLUTION
Avatar of CompProbSolv
CompProbSolv
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Fred's solution will certainly work.  It adds some maintenance issues where devices on the office computers traverse through two NAT routers to get to the internet.  It shouldn't cause you any trouble unless you need to open any ports in the router for any sort of remote access.  You'll have to do that on both routers.  It will all function, just takes a bit more effort in that case.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
And to expand heavily on CompProSolv's original response, you could tinker with the PortShield groups and create a second LAN that's tied to one of the Ethernet ports on the Sonicwall itself. As pointed out before, you'd have to make sure to disable any access rules between the two LANs. Sort out how you want DHCP to work, put an AP on that network, and you're good to go.

So while you can do this, I'd sooner buy a UniFi (relatively low cost unit) and do the VLAN scenario. That prevents you from even needing a second access point to begin with.

Speaking solely in terms of money, both approaches are pretty inexpensive, unless you want some high end AP.

BTW - I want to make sure I read that right, a TZ100? Please have your customer upgrade that unit if you can. That's a very outdated model.
Avatar of LockDown32

ASKER

I have done it before with the SonicWall port partitioning. Easy enough to do. Seems to be the standard. Thanks guys.