LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Mime-Version:	1.0
Content-Type:	text/plain; charset="utf-8"
Date:	Mon, 16 Jul 2012 09:36:25 -0700
Reply-To:	Personal Computer Hardware discussion List <[log in to unmask]>
Subject:	Re: Isolate wireless and local lan on same router
Content-Transfer-Encoding:	quoted-printable
Message-ID:	<[log in to unmask]>
Sender:	Personal Computer Hardware discussion List <[log in to unmask]>
From:	[log in to unmask]
Parts/Attachments:	text/plain (103 lines)

  This device probably cannot do what you ask without some help.  

  Most "SOHO" (Small Office/Home Office) routers these days include both
wireless and 1, 4 or 8 wired (Ethernet) ports.  But the way this is
implemented is that "under the covers" ou really have a 2-port router
(one interface to connect to your ISP and the other to your local
network) and, within the same case, a *switch* (also occasionally called
a "bridge") which functions like a smart hub connecting the wireless
interface and those wired LAN ports into a single network.

  I think your simplest solution is to use two devices.  One connects to
your ISP and provides wireless and wired ports.  The second, which
should NOT provide wireless, plugs into a LAN port on the first, and
provides your wired LAN ports.  (I have a NetGear 8-port gigabit switch
which looks a lot like their routers, but you want this second device to
actually do routing, and preferably firewalling as well, so that would
NOT be an appropriate "second device"...)
  Each of these devices will have one "uplink" port that could receive
its configuration via DHCP, and each device will serve DHCP to its
client ports.  So you'll have two networks with separate address ranges
and DHCP "scopes".

Device "1"

  "WAN" port to ISP
  "LAN" address 192.168.1.1, mask 255.255.255.0, providing addresses
192-168.1.2 through 192.168.1.200 to DHCP clients (wired and wireless)
-- these clients will receive 192.168.1.1 as their "default gateway
address", which you might need to configure.
  (I've left addresses 192.168.1.201 through 192.168.1.254 unassigned,
in case you need to host a server or two on your network.  These are
private addresses, but if you get static addresses from your ISP, the
router can be configured to make them reachable from the Internet.)

Device "2"

  "WAN" port to a LAN port on device "1" -- this could rely on DHCP, or
you could configure it to use 192.168.1.254 and mask 255.255.255.0
  "LAN" address 192.168.2.1, mask 255.255.255.0, providing addresses
192.168.2.2 through 192.168.2.200 to wired clients only -- these devices
will see/use 192.168.2.1 as their default gateway address.  Again the
router may fill this in automatically, or you might have to configure
it.
  (I've left addresses 192.168.2.201 through 192.168.2.254 unassigned,
in case you need to hook up a networked printer or storage drive on your
network.  These are private addresses, and behind the second router it
may be a bit challenging to make them reachable from the Internet.)

  Oh -- These small routers generally have NAT (Network Address
Translation) enabled by default -- check that it is, and if it isn't the
enable it.  THIS is what keeps outde devices from initiating connections
to devices on the inside even if the router isn't also doing
firewalling.

  As Mark Rode has indicated, it's possible to do all of this in a
single device from a company like Cisco.  But that single device will
probably cost you several times as much (even if you buy used or on
eBay) and you'd want a Cisco-certified tech to set it up for you.  I'd
recommend that approach if your ISP connection were a T1 line or one of
their higher bandwidth offerings.  They do make models which can connect
to DSL, and it's possible that the business has other security needs
that would justify the expense.

David Gillett, CISSP CCNP


-------- Original Message --------
Subject: [PCBUILD] Isolate wireless and local lan on same router
From: Brad Feuerhelm <[log in to unmask]>

Hey all,

I have an WRT320N wireless router.

I want to isolate the wireless part from the local LAN. The wife runs a 
business from home and has customers come here. Which she want to be 
able to have customers or family members access internet but not have 
access to the local LAN. I know this can be done with two routers but 
can it be done with one router?

Right now we are using the wired LAN and not the wireless, except for 
the wife's tablet. But she doesn't use it much. So everything is located

on the local LAN. So I do want to get the wireless setup so nobody can 
access it while they are accessing the internet. I do at the moment have

it setup so you need a key to access. But if I give out that key then 
they have total access to the LAN network.

If it can be done I will need some hand holding to do it I think. My 
network knowledge is fairly basic in nature.

If you need more info let me know.

Thanks

Brad Feuerhelm


         PCBUILD maintains hundreds of useful files for download
                     visit our download web page at:
                  http://freepctech.com/downloads.shtml

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG