Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Help please with security on a small network

Discussion in 'General Network Security' started by ray bright, Feb 7, 2013.

  1. ray bright

    ray bright New Around Here

    Feb 7, 2013

    I have a hotel with two different internet feeds, one I use for my office and the other for public access via hot spots.
    I have now been able to order fibre with a fast feed and so want to only use the one feed for both jobs.
    I want to know the best way of isolating my computers from the other public side.

    Can any one help.

  2. thiggins

    thiggins Mr. Easy Staff Member

    May 18, 2008
    Easiest way is to use a router or smart switch that supports VLANs.
    Go to the Router Finder, scroll down to the LAN section and check the VLAN filter.
  3. stevech

    stevech Part of the Furniture

    Mar 13, 2010
    San Diego
    The business side of your ISP can provide and can maintain a router supporting either dual ethernet NICs, or one NIC with VLANs.
    The latter is more complex than the former.
  4. rquared

    rquared New Around Here

    Feb 26, 2013
    One issue you will have is your guest network overrunning your business network on a shared line. The only way to stop that, is for your ISP to segment your line into two VLANs (stated in earlier post) and do traffic shaping to dedicate bandwidths for each VLAN. The issue with that is configuration on your side will be a bit more complex. As far as your question goes regarding isolation, if you do not believe (atleast initially) that your guest network will consume a ton of bandwidth, then simply put up a firewall on your guest network with your business network behind it. Treat the guest network like the 'Internet' since it is 100% untrusted, just route out to the 'net using the same router as the guest. Easy peasy.
  5. Nerre

    Nerre Senior Member

    Oct 17, 2012
    Wouldn't one way be to use two routers:

    First router connected to the internet and hosting the guest network (and using QoS to manage bandwidth). Since I guess the hotspots are separate access points this router does not need WiFi

    Second router put into the DMZ of the first router and serving the office network.

    I know the VLAN solutions probably are a better solution, but I think the two router solution is easier to set up.
  6. rquared

    rquared New Around Here

    Feb 26, 2013
    As I posted, I would use a firewall not a router. But yes, essentially you have the idea I was trying to present.

Share This Page