We have a secure Wireless network using wep and mac filtering. My Boss
wants clients to have access to internet
fropm our office without having to add their mac address and enter a code on
their end. Is there a good procedure
for adding a WAP for internet only? I dont want this WAP to giver access to
anything except my router going out.
I would like it to disk out its own DHCP in a completely different network
but still give the users Internet access
Is there a whitepaper or howto>/??
"NewsGroup" <Card@ameritech.net> wrote in message
news:jqxhk.5602$np7.3691@flpi149.ffdc.sbc.com...
> We have a secure Wireless network using wep and mac filtering. My Boss
> wants clients to have access to internet
> fropm our office without having to add their mac address and enter a code
> on their end. Is there a good procedure
> for adding a WAP for internet only? I dont want this WAP to giver access
> to anything except my router going out.
> I would like it to disk out its own DHCP in a completely different network
> but still give the users Internet access
> Is there a whitepaper or howto>/??
If you knew enough to get the network setup like it is already then you
ought to know how to do this. If not, call (and pay) the people that set it
up. Get this wrong and you run the risk of compromising the network
security quite badly.
You don't describe the coverage area needed. If it's just one room or small
area then one access point might cover it. But if it's a multi-room,
several floors or multiple buildings then it gets CONSIDERABLY more complex.
Which is it?
That's the first question. After that a whole bunch of others follow.
Mostly concerning the existing internet connection and type of firewall
being used.
Bill Kearney wrote:
>
> "NewsGroup" <Card@ameritech.net> wrote in message
> news:jqxhk.5602$np7.3691@flpi149.ffdc.sbc.com...
>> We have a secure Wireless network using wep and mac filtering. My
>> Boss wants clients to have access to internet
>> fropm our office without having to add their mac address and enter a
>> code on their end. Is there a good procedure
>> for adding a WAP for internet only? I dont want this WAP to giver
>> access to anything except my router going out.
>> I would like it to disk out its own DHCP in a completely different
>> network but still give the users Internet access
>> Is there a whitepaper or howto>/??
>
> If you knew enough to get the network setup like it is already then you
> ought to know how to do this. If not, call (and pay) the people that
> set it up. Get this wrong and you run the risk of compromising the
> network security quite badly.
Nice attitude. We come here for help, not to hear that we should
already know how or to go hire someone. Grrrr!!!
I have the same problem. Westell 327w dsl modem on home network.
I'd like a separate unsecured network with internet access, but no
access to the primary network. I need 20 foot range. I have several
consumer-grade access points and routers. Can't figure how to set it up.
No, I don't want a lecture that I shouldn't. I want a tutorial on HOW.
Thanks, mike
>
> You don't describe the coverage area needed. If it's just one room or
> small area then one access point might cover it. But if it's a
> multi-room, several floors or multiple buildings then it gets
> CONSIDERABLY more complex. Which is it?
>
> That's the first question. After that a whole bunch of others follow.
> Mostly concerning the existing internet connection and type of firewall
> being used.
>
> -Bill Kearney
mike wrote:
> Bill Kearney wrote:
>>
>> "NewsGroup" <Card@ameritech.net> wrote in message
>> news:jqxhk.5602$np7.3691@flpi149.ffdc.sbc.com...
>>> We have a secure Wireless network using wep and mac filtering. My
>>> Boss wants clients to have access to internet
>>> fropm our office without having to add their mac address and enter a
>>> code on their end. Is there a good procedure
>>> for adding a WAP for internet only? I dont want this WAP to giver
>>> access to anything except my router going out.
>>> I would like it to disk out its own DHCP in a completely different
>>> network but still give the users Internet access
>>> Is there a whitepaper or howto>/??
>>
>> If you knew enough to get the network setup like it is already then
>> you ought to know how to do this. If not, call (and pay) the people
>> that set it up. Get this wrong and you run the risk of compromising
>> the network security quite badly.
>
> Nice attitude. We come here for help, not to hear that we should
> already know how or to go hire someone. Grrrr!!!
>
> I have the same problem. Westell 327w dsl modem on home network.
> I'd like a separate unsecured network with internet access, but no
> access to the primary network. I need 20 foot range. I have several
> consumer-grade access points and routers. Can't figure how to set it up.
>
> No, I don't want a lecture that I shouldn't. I want a tutorial on HOW.
>
You might look at some of the info on
<http://www.smallnetbuilder.com/content/view/86/106/>
But what Bill is alluding too, is that if you are responsible for the
network security you need to know how risk adverse you or your business
is and make appropriate decisions.
If you can get a second ip address from your internet provider just set
up a separate network.
If you can't get a second ip then connect one router to your isp and
then connect wan ports of two additional routers to lan side of ISP
connected router.
There are some issues with double natting so you mileage may vary.
A different option would be to find a router with 1 wan port and the
ability to route between two diffrent internal networks
If you want to run two wireless networks in same proximity choose your
channels properly.
John Mason Jr wrote:
> mike wrote:
>> Bill Kearney wrote:
>>>
>>> "NewsGroup" <Card@ameritech.net> wrote in message
>>> news:jqxhk.5602$np7.3691@flpi149.ffdc.sbc.com...
>>>> We have a secure Wireless network using wep and mac filtering. My
>>>> Boss wants clients to have access to internet
>>>> fropm our office without having to add their mac address and enter a
>>>> code on their end. Is there a good procedure
>>>> for adding a WAP for internet only? I dont want this WAP to giver
>>>> access to anything except my router going out.
>>>> I would like it to disk out its own DHCP in a completely different
>>>> network but still give the users Internet access
>>>> Is there a whitepaper or howto>/??
>>>
>>> If you knew enough to get the network setup like it is already then
>>> you ought to know how to do this. If not, call (and pay) the people
>>> that set it up. Get this wrong and you run the risk of compromising
>>> the network security quite badly.
>>
>> Nice attitude. We come here for help, not to hear that we should
>> already know how or to go hire someone. Grrrr!!!
>>
>> I have the same problem. Westell 327w dsl modem on home network.
>> I'd like a separate unsecured network with internet access, but no
>> access to the primary network. I need 20 foot range. I have several
>> consumer-grade access points and routers. Can't figure how to set it up.
>>
>> No, I don't want a lecture that I shouldn't. I want a tutorial on HOW.
>>
>
>
> You might look at some of the info on
> <http://www.smallnetbuilder.com/content/view/86/106/>
>
> But what Bill is alluding too, is that if you are responsible for the
> network security you need to know how risk adverse you or your business
> is and make appropriate decisions.
>
>
> If you can get a second ip address from your internet provider just set
> up a separate network.
>
> If you can't get a second ip then connect one router to your isp and
> then connect wan ports of two additional routers to lan side of ISP
> connected router.
>
>
> There are some issues with double natting so you mileage may vary.
>
> A different option would be to find a router with 1 wan port and the
> ability to route between two diffrent internal networks
>
>
> If you want to run two wireless networks in same proximity choose your
> channels properly.
>
>
> John
Thanks for the link. Now, I gotta go searching for the
needle in that haystack.
I'm not overly concerned about highest security. Ain't nothing worth
having on the machine. Just like to try to keep out the pranksters
who like to trash your system. Spending money on the project is outa
the question.
Two issues I forgot to mention...
1) the router I want open is built into the dsl modem.
I want the high speed router to be the secure one.
2) I need to port forward to the net on the secondary router
for voip, vnc, etc.
I got the thing to work with two different nets...192.168.1.x and
192.168.2.x
but couldn't figure out how to port forward to the second router. I
tried subnetting one
address range with subnet mask and assigning two dhcp servers, one for
each half.
All that did was take the other half of the last octet
out of the list. Could still access the other half.
mike
mike wrote:
> Bill Kearney wrote:
>>
>> "NewsGroup" <Card@ameritech.net> wrote in message
>> news:jqxhk.5602$np7.3691@flpi149.ffdc.sbc.com...
>>> We have a secure Wireless network using wep and mac filtering. My
>>> Boss wants clients to have access to internet
>>> fropm our office without having to add their mac address and enter a
>>> code on their end. Is there a good procedure
>>> for adding a WAP for internet only? I dont want this WAP to giver
>>> access to anything except my router going out.
>>> I would like it to disk out its own DHCP in a completely different
>>> network but still give the users Internet access
>>> Is there a whitepaper or howto>/??
>>
>> If you knew enough to get the network setup like it is already then
>> you ought to know how to do this. If not, call (and pay) the people
>> that set it up. Get this wrong and you run the risk of compromising
>> the network security quite badly.
>
> Nice attitude. We come here for help, not to hear that we should
> already know how or to go hire someone. Grrrr!!!
And if you listen long enough, instead of shooting your proverbial mouth
off, you'll know who here can give useful and accurate answers. If you
want hand holding then pay someone. For free, you put up and SHUT UP.
> I have the same problem. Westell 327w dsl modem on home network.
> I'd like a separate unsecured network with internet access, but no
> access to the primary network. I need 20 foot range. I have several
> consumer-grade access points and routers. Can't figure how to set it up.
> No, I don't want a lecture that I shouldn't. I want a tutorial on HOW.
With that attitude? Get stuffed. Hopefully the original poster will
come back with some answers and we can move forward on helping HIM instead.
> But what Bill is alluding too, is that if you are responsible for the
> network security you need to know how risk adverse you or your business
> is and make appropriate decisions.
Exactly. But before opening THAT can of worms, which is more
'political' than technical, it's best to get a heads-up on just what
sort of access is necessary. That and what sort of budget is available.
I've been doing this sort of work for over two decades so I'm more
than a little familiar with all aspects of getting it going.
> If you can get a second ip address from your internet provider just set
> up a separate network.
Yep, this is often the safest 'route', pun intended. This is a trivial
router config change on the part of the ISP. But one for which they may
gouge a princely sum. Again, just what sort of networking is required
may dictate what can be offered.
With a second external address you just add a switch between the DSL
modem and the two switches. Each router's WAN port goes into the
switch. Then a cross-over cable goes from the switch to the DSL modem port.
But here's another wrinkle to consider, what if these 'guests' need to
print something? Getting them connected to the local printers may be
less-than-trivial depending on how the system is set up. As in, not by
using an external IP address.
For an office environment of anything more than the most trivial of
setups it can really get complicated getting things setup SECURELY.
As for 'who cares about security', if you care enough to expect your
computer to turn on and be usable, you'd better care. It's trivially
simple for the malicious pranksters to reach out from across the globe
and trash networks. Don't let yours fall prey.
> If you can't get a second ip then connect one router to your isp and
> then connect wan ports of two additional routers to lan side of ISP
> connected router.
>
> There are some issues with double natting so you mileage may vary.
If you put the guest network behind the 1st router then you risk leaving
the 1st router's network open to access from the guests. If you put the
main network behind the guest router you avoid this but then introduce
the double-NAT hopping. That and funnel what could be a LOT of traffic
through the guest router.
> A different option would be to find a router with 1 wan port and the
> ability to route between two diffrent internal networks
A good suggestion. Cisco's routers are a great solution here. They're
not cheap but they possess the necessary degree of configurability that
you just will not find in low-end routers (a la linksys, d-link, etc).
With IOS you get a more versatile, and well understood, interface that
allows quite sophisticated programming. But programming one is not
something you just 'pick up' on the fly. This is why I suggested hiring
a professional. By the time the novice figures out he's in over his
head, good money has been wasted on low-end gear that can't do the job,
to say nothing of compromised security and wasted time. Not a recipe
for keeping the overworked IT staff employed...
> If you want to run two wireless networks in same proximity choose your
> channels properly.
That's a whole other rats nest, but good to point it out.
mike wrote:
> John Mason Jr wrote:
>> mike wrote:
>>> Bill Kearney wrote:
>>>>
>>>> "NewsGroup" <Card@ameritech.net> wrote in message
>>>> news:jqxhk.5602$np7.3691@flpi149.ffdc.sbc.com...
>>>>> We have a secure Wireless network using wep and mac filtering. My
>>>>> Boss wants clients to have access to internet
>>>>> fropm our office without having to add their mac address and enter
>>>>> a code on their end. Is there a good procedure
>>>>> for adding a WAP for internet only? I dont want this WAP to giver
>>>>> access to anything except my router going out.
>>>>> I would like it to disk out its own DHCP in a completely different
>>>>> network but still give the users Internet access
>>>>> Is there a whitepaper or howto>/??
>>>>
>>>> If you knew enough to get the network setup like it is already then
>>>> you ought to know how to do this. If not, call (and pay) the people
>>>> that set it up. Get this wrong and you run the risk of compromising
>>>> the network security quite badly.
>>>
>>> Nice attitude. We come here for help, not to hear that we should
>>> already know how or to go hire someone. Grrrr!!!
>>>
>>> I have the same problem. Westell 327w dsl modem on home network.
>>> I'd like a separate unsecured network with internet access, but no
>>> access to the primary network. I need 20 foot range. I have several
>>> consumer-grade access points and routers. Can't figure how to set it
>>> up.
>>>
>>> No, I don't want a lecture that I shouldn't. I want a tutorial on HOW.
>>>
>>
>>
>> You might look at some of the info on
>> <http://www.smallnetbuilder.com/content/view/86/106/>
>>
>> But what Bill is alluding too, is that if you are responsible for the
>> network security you need to know how risk adverse you or your
>> business is and make appropriate decisions.
>>
>>
>> If you can get a second ip address from your internet provider just
>> set up a separate network.
>>
>> If you can't get a second ip then connect one router to your isp and
>> then connect wan ports of two additional routers to lan side of ISP
>> connected router.
>>
>>
>> There are some issues with double natting so you mileage may vary.
>>
>> A different option would be to find a router with 1 wan port and the
>> ability to route between two diffrent internal networks
>>
>>
>> If you want to run two wireless networks in same proximity choose your
>> channels properly.
>>
>>
>> John
> Thanks for the link. Now, I gotta go searching for the
> needle in that haystack.
>
> I'm not overly concerned about highest security. Ain't nothing worth
> having on the machine. Just like to try to keep out the pranksters
> who like to trash your system. Spending money on the project is outa
> the question.
>
> Two issues I forgot to mention...
> 1) the router I want open is built into the dsl modem.
> I want the high speed router to be the secure one.
> 2) I need to port forward to the net on the secondary router
> for voip, vnc, etc.
>
> I got the thing to work with two different nets...192.168.1.x and
> 192.168.2.x
> but couldn't figure out how to port forward to the second router. I
> tried subnetting one
> address range with subnet mask and assigning two dhcp servers, one for
> each half.
> All that did was take the other half of the last octet
> out of the list. Could still access the other half.
> mike
Sounds like the setup needs some thoughtful planning, I would reccommend
starting by making a list of hardware making sure you include
manufacturer, and software verson numbers then you might be able to get
more specific answers
On Tue, 22 Jul 2008 22:17:18 -0500, "NewsGroup" <Card@ameritech.net>
wrote:
>We have a secure Wireless network using wep and mac filtering.
I was under the impression that wep was now deemed to be so readily
breakable as to be considered insecure and that mac filtering
virtually only prevented the most trivial of intrusion attempts.
Open access point for clients 
Linear Mode
