Re: 2nd WAP with no access to 1st WAP
- From: DanS <t.h.i.s.n.t.h.a.t@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 9 Dec 2008 22:25:21 +0000 (UTC)
"UseNet" <Cal@xxxxxxxxx> wrote in
news:wFA%k.7960$as4.45@xxxxxxxxxxxxxxxxxxxx:
Hey thanks
Now they just have a Linksys Wrt54gs with wpa encryption
I'll try to talk them into spending some more $$
If they are going to decide to spend any money, here's another
solution.......
Mikrotik (mikrotik.com) offers many different 'RouterBoards', which come
with their 'RouterOS'. The least expensive model is the RB450, which is
a 5 port rtr/switch. You can buy it all over the web, bare board or in a
small nifty enclosure. For under $100 enclosed w/pwr supply, you get a
very effective routing device that is not too dissimilar to a Cisco or
Enterasys device.
I've just recently started using a few of these, and I'll tell you, it is
unbelievably powerful given the *very* low cost (relative to its
capabilities).
(Essentially, they are SBC's that run an embedded version of Linux, and
Mikrotik has created a command-line management interface application that
gives you access and configurability to the advanced routing and
networking components of the Linux kernel. There's a GUI config tool as
well.)
The device would be connected between the LAN you want to use for the
internet connection, and the already existing WAP. One side of the rtr to
the existing LAN, the other to the existing AP. The existing LAN would
effectively become the gateway for internet traffic for the wireless
network.
The rtr is configured with one interface on the LAN to a LAN IP. Another
rtr interface going to the AP, and on a completely different subnet. The
rtr can also be default gateway'd to the LAN d g/w. The rtr would DHCP
for the AP network/subnet. DHCP would issue the rtr's AP network
interface for the clients' d g/w.
Existing LAN <------------> RB450 <------------> WAP -----(clients)
[192.168.1.x]        [.1.254 & .100.1]          .100.2    .100.50 - .100.100
                     Def. g/w = .1.(d g/w)
                     DNS = .1.x DNS
                     DHCP to wireless --->
                     (Scope .100.50 - .100.100)
                     (DHCP'd g/w = .100.1)
                     (DHCP's DNS = .100.1)
The rtr would need to be configured with a few rules.....
Maybe just one, it would be set to only accept packets destined for the
LAN default gateway, which is the ultimate point of internet access. All
other packets would be dropped. This would isolate the LAN resources from
the WLAN.
The only other caveat would be that the device that is the ultimate point
of internet access be capable of adding static routes to it. This is
needed so return internet traffic destined for the WLAN will know where
to go when it gets back. I'm sure most Linksys cable/DSL rtr's have that
capability.
(And if not, the LAN side of the RB450 rtr can be configured to NAT the
WLAN anyway, so return traffic would always go to a LAN IP anyway, so no
route needed.)
Of course, this is the geeky way to do it, but very effective.
"John Navas" <spamfilter1@xxxxxxxxxxxxxx> wrote in message
news:nqctj45lusiaou41ihlqknveqan2206o9u@xxxxxxxxxx
On Tue, 9 Dec 2008 11:22:12 -0600, "UseNet" <Cal@xxxxxxxxx> wrote in
<8Px%k.9677$c45.3650@xxxxxxxxxxxxxxxxxxxx>:
We have a small network with about 30 users in a mac environment. We have a
wireless router connected to our network. I was asked to setup a small wap
for our conference room. It won't be open but we don't want anybody who uses
this wap to see any resources on our other wap. -only internet access. Is
this a complex setup? if not, please send recommendations
Most straightforward way to do this on the cheap:
* Main wireless router with VLAN support
* Attach the WAP to a specific port on the main wireless router
* Establish a VLAN between the WAP port and the Internet
If, like most low-end products, your existing wireless router doesn't
have VLAN support, but can run DD-WRT, you can use DD-WRT to do this.
<http://www.dd-wrt.com/wiki/index.php/Supported_Devices>
But the approach I recommend is to replace your main wireless router
with a more capable wireless router designed to do this. While my
personal favorite is SonicWALL (TZ150/TZ170), the less expensive
NETGEAR WG302 can also do this.
Hope that helps.
--
Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
John Navas FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
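
The RB450 layout from the diagram above, written out as a RouterOS configuration; this is an added example, not part of the original post or Mikrotik's documentation. The isolation rule is expressed as a drop of traffic forwarded from the wireless subnet to the LAN subnet, because Internet-bound packets carry the remote host's IP as their destination and only use the LAN gateway as next hop. Assumed, not from the post: the port names ether1/ether2 and 192.168.1.1 as the LAN's gateway and DNS address.

```routeros
# Added example. ether1 = existing LAN side, ether2 = side facing the WAP
# (assumed ports). 192.168.1.1 is an assumed placeholder for the LAN's
# Internet gateway and DNS server; the post does not give those addresses.

/ip address
add address=192.168.1.254/24 interface=ether1 comment="LAN side"
add address=192.168.100.1/24 interface=ether2 comment="WAP side"

# Default route via the LAN's Internet gateway (assumed address)
/ip route
add gateway=192.168.1.1

# The router answers DNS for wireless clients and forwards to the LAN DNS
/ip dns
set servers=192.168.1.1 allow-remote-requests=yes

# DHCP for the wireless subnet: scope .100.50-.100.100, gateway and DNS .100.1
/ip pool
add name=wlan-pool ranges=192.168.100.50-192.168.100.100
/ip dhcp-server
add name=wlan-dhcp interface=ether2 address-pool=wlan-pool disabled=no
/ip dhcp-server network
add address=192.168.100.0/24 gateway=192.168.100.1 dns-server=192.168.100.1

# Isolation: nothing routed from the wireless subnet may reach a LAN host,
# and wireless clients may not talk to the router's own LAN-side address.
/ip firewall filter
add chain=forward src-address=192.168.100.0/24 dst-address=192.168.1.0/24 action=drop comment="WLAN to LAN hosts"
add chain=input src-address=192.168.100.0/24 dst-address=192.168.1.254 action=drop comment="WLAN to router LAN address"

# Only needed when the Internet gateway cannot take a static route to
# 192.168.100.0/24: hide the wireless subnet behind 192.168.1.254.
/ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 out-interface=ether1 action=masquerade
```

The forward drop is evaluated before source NAT, so it still matches on the wireless clients' original addresses when the masquerade rule is in use. To check the result, a wireless client should get an address in the .100.50 - .100.100 scope, reach the Internet, and get no reply from any 192.168.1.x host.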