I have a wired LAN. Currently there is no wireless access to it. If I add a wireless access device to let mobile devices have access to the Internet. how can I ensure that any device connected to the wireless access device cannot access any resources on my LAN? They should be routed straight to the Internet only.
I assume the wireless access device will be a router. If so, I assume it will be an Asus device running Merlin firmware because I want to work with something I am familiar with and that I like.
I know I could connect the wireless router's WAN port directly to my ISP -- i.e., put the wireless router outside of my LAN. (That's actually what I presently do.) However, I have RJ45 jacks everywhere and someone with physical access to my property could move this device and connect it inside my LAN -- maybe innocently. So my question is really starting from the point of assuming this has happened. I further assume they will not factory reset and/or reconfigure the device. I just want to address the situation where the device is innocently moved to connect it inside the LAN. I want to be confident that if this happens, clients connected via that device will not have any access to my LAN resources.
What are my best options for accomplishing this?
I assume the wireless access device will be a router. If so, I assume it will be an Asus device running Merlin firmware because I want to work with something I am familiar with and that I like.
I know I could connect the wireless router's WAN port directly to my ISP -- i.e., put the wireless router outside of my LAN. (That's actually what I presently do.) However, I have RJ45 jacks everywhere and someone with physical access to my property could move this device and connect it inside my LAN -- maybe innocently. So my question is really starting from the point of assuming this has happened. I further assume they will not factory reset and/or reconfigure the device. I just want to address the situation where the device is innocently moved to connect it inside the LAN. I want to be confident that if this happens, clients connected via that device will not have any access to my LAN resources.
What are my best options for accomplishing this?