Re: Open access point for clients




But what Bill is alluding to is that if you are responsible for the network security, you need to know how risk averse you or your business is and make appropriate decisions.

Exactly. But before opening THAT can of worms, which is more 'political' than technical, it's best to get a heads-up on just what sort of access is necessary. That and what sort of budget is available. I've been doing this sort of work for over two decades so I'm more than a little familiar with all aspects of getting it going.

If you can get a second IP address from your internet provider, just set up a separate network.

Yep, this is often the safest 'route', pun intended. This is a trivial router config change on the part of the ISP. But one for which they may gouge a princely sum. Again, just what sort of networking is required may dictate what can be offered.

With a second external address you just add a switch between the DSL modem and the two switches. Each router's WAN port goes into the switch. Then a cross-over cable goes from the switch to the DSL modem port.

But here's another wrinkle to consider, what if these 'guests' need to print something? Getting them connected to the local printers may be less-than-trivial depending on how the system is set up. As in, not by using an external IP address.

For an office environment of anything more than the most trivial of setups it can really get complicated getting things set up SECURELY.

As for 'who cares about security', if you care enough to expect your computer to turn on and be usable, you'd better care. It's trivially simple for the malicious pranksters to reach out from across the globe and trash networks. Don't let yours fall prey.

If you can't get a second IP then connect one router to your ISP and then connect the WAN ports of two additional routers to the LAN side of the ISP-connected router.

There are some issues with double NATting so your mileage may vary.

If you put the guest network behind the 1st router then you risk leaving the 1st router's network open to access from the guests. If you put the main network behind the guest router you avoid this but then introduce the double-NAT hopping. That and funnel what could be a LOT of traffic through the guest router.

A different option would be to find a router with 1 WAN port and the ability to route between two different internal networks.

A good suggestion. Cisco's routers are a great solution here. They're not cheap but they possess the necessary degree of configurability that you just will not find in low-end routers (a la Linksys, D-Link, etc). With IOS you get a more versatile, and well understood, interface that allows quite sophisticated programming. But programming one is not something you just 'pick up' on the fly. This is why I suggested hiring a professional. By the time the novice figures out he's in over his head, good money has been wasted on low-end gear that can't do the job, to say nothing of compromised security and wasted time. Not a recipe for keeping the overworked IT staff employed...

If you want to run two wireless networks in the same proximity, choose your channels properly.

That's a whole other rat's nest, but good to point it out.

-Bill Kearney