What's new

Isolating wireless traffic from wired?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

PcGuy

Occasional Visitor
A friend wants to allow his customers access to the Internet via a wireless connection to their DSL. Currently he only has 2 wired computers on a Win2k3 server but is planning on adding 6 more wired computers. The customers will be given the WPA wireless key. However he also is using a hardware wired router for their lan which has a Win2k3 server on it. I cringed when I heard this and told him that it wasnt secure even if the wireless is using WPA because the 2 routers are still using the same DSL connection.

I have also come across several articles using dd-wrt on say a LinkSys WRT54GL two of these are on the dd-wrt Wiki:

WLAN separate from LAN, with independent dhcp, etc

Separate LAN and WLAN


As well I found a post in a long thread over at the LinkSys forum.


Does anyone know if one of these methods more secure and reliable of isolating the WLAN in a business rather than using another suggestion of double routers with the wired router connected to a wireless router wired port?
 
When I have to set these up...I use a managed switch and create port based VLANs. Wireless in one VLAN, wired in the other VLAN.

Some business grade routers have managed switches on their LAN side..such as the Linksys RV0 series..which makes this incredibly easy.
 
I aggree with YeOldeStonecat, Your friend needs to use a router with VLAN support. One such router range is that of Draytek. Their ADSL2+, 802.11g router 2800G can split the wireless users into 15 seperate "VLAN" groups and still keep them off the wired network if that's what you want/need, which it is in this case. You can also set access Kbps rates per VLAN. LINK: http://www.draytek.com/product/index.php and if you want a quick play with the GUI here is the link to the web demo Link: http://www.draytek.com/demo/Vigor2800/index.htm
 
Or you could go with a Linux based distro on a machine, like endian firewall comunity or ipcop. You make seperate interfaces for wiered and wierless and can make rules on what trafic is allowed to go from one zone to anothere. If you have some computer junk its ecen cheap
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top