"Duane Arnold" <Yeah-Don't-bother-@that's-right.BET> hath wroth:
>"Jason Russell" <invalid@invalid.com> wrote in message
>news:0dKdnSbpldPbKrXYnZ2dnUVZ8tadnZ2d@pipex.net.. .
>>I have a requirement for a router that can configured to separate the LAN
>>from WLAN.
>>
>> I need to be able to have an unencrypted WLAN to WAN/INTERNET network
>> available to users of the coffee shop, but configured in such a way that
>> they are unable to access the internal LAN that runs the epos systems.
>>
>> One computer on the LAN also needs access to the WAN/INTERNET.
>>
>> I believe that a sonicwall TZ170 wireless may do the job, but are there
>> any alternative products?
>>
>
>Yeah, it's called get a second router that would use the gateway router to
>the Internet so that machines connected to it can access the Internet. The
>second router will segregate the two networks, with the machine behind the
>second router protected from the machines on the unprotected wireless LAN.
>You should make sure that the second router is an all wire solution.
>Duane :)
Agreed. Some comments.
1. The TZ170 comes in various versions and user counts. 10 users is
currently barely adequate for a coffee shop. The problem is that the
ever prevalent game boxes, WiFi phones, and PDA's are raising the user
count without actually generating any traffic. They connect,
associate, and sometimes login, and then do nothing. I've seen the
DHCP table contain 50 entries with only one laptop in the coffee shop.
It's all from "drive by" WiFi users.
2. If the ISP offers a 2nd IP address, it's easy. One modem, two
routers, and two totally independent networks. This is what I do at 2
coffee shops. The problem is that it gets expensive. For example,
PBI/SBC/AT&T DSL is normally about $39/month for a single IP dynamic
IP account, $59/month for 5 static IP's, and nothing in between.
Because it's a business, AT&T DSL will not apply residential discounts
and promotions. With a $20/month differential, it doesn't take many
months before the TZ170 becomes economical.
3. If only one IP is available, such as with cable modem service,
then some ingenuity is required. Double NAT will work with some
complications. For example:
|
http://www.publicip.net/zonecd/how.php
I covered the IP address layout in the following thread:
|
http://groups.google.com/group/alt.i...1d98548089c0dc
4. It is also possible to build a multiple ethernet port Linux based
server that can separate connected LAN's using routing between ports.
I don't wanna go into this option right now (because I don't want to
do the necessary reading and Goggling).
--
Jeff Liebermann
jeffl@comix.santa-cruz.ca.us
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Advice required for secure LAN/ unsecure WLAN 
Linear Mode
