Router and ACLs

Sep 6, 2018
Hello everyone! I am trying to set up a Home Network / Small Business Network (Wired and Wireless), and have a Guest Wireless Network for close family and friends. The thing is, I am also looking for specific security features too. Most Routers I have looked into have Private and Guest Network Features; but, when I try to set up an Access Control List to make certain that ONLY the devices I want to allow on the Private Wireless Network can access the Private Network, the Access Control List also ends up affecting the Guest Wireless Network. This really defeats the purpose of adding ACLs if Guest Devices need to also be added to it. What I am looking for is a single stand-alone Router that can provide up to four RJ-45 Connections, broadcast a Private Wireless Network that can be safeguarded with an ACL, and broadcast a separate Guest Wireless Network that can be governed by a separate ACL (or be able to bypass the global ACL) and can be Firewalled to allow only Internet Accessibility. Could someone point me in the correct direction, or list a specific Router that can accommodate these needs?
 
Solution
You could look at Ubiquiti EdgeRouters if you want a device that is more than a simple consumer device. It is not as advanced as, say, a Cisco or Juniper device but costs a fraction. You could also consider running third-party firmware on consumer routers.

The design after that is pretty easy. You run 2 different VLANs with different IP ranges. This allows a fairly simple firewall rule since you can make rules based on subnet.
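The two-VLAN design described in the answer above, modelled as an added example (not part of the original post): a first-match rule list for traffic entering from the guest VLAN, checked against sample flows before the rules go onto a router. The subnets, gateway address and function names are assumptions chosen for illustration, and DNS on the router is the only local service modelled.

```python
import ipaddress

# Assumed addressing (constructed values, not from the thread).
PRIVATE = ipaddress.ip_network("192.168.10.0/24")  # VLAN 10: wired ports + private SSID
GUEST = ipaddress.ip_network("192.168.20.0/24")    # VLAN 20: guest SSID
ROUTER_ON_GUEST = [ipaddress.ip_network("192.168.20.1/32")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Ordered rules for packets arriving from the guest VLAN; first match wins.
# (action, destination networks, protocol or None = any, port or None = any)
GUEST_RULES = [
    ("accept", ROUTER_ON_GUEST, "udp", 53),  # guests may resolve names via the router
    ("drop", RFC1918, None, None),           # private VLAN, router admin UI, other internal ranges
    ("accept", ANY, None, None),             # whatever is left is Internet-bound
]

def guest_verdict(src, dst, proto, port):
    """Return 'accept' or 'drop' for a packet entering on the guest VLAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in GUEST:  # subnet rules only hold if the source matches the ingress VLAN
        return "drop"
    for action, nets, r_proto, r_port in GUEST_RULES:
        if r_proto not in (None, proto) or r_port not in (None, port):
            continue
        if any(dst in net for net in nets):
            return action
    return "drop"  # default deny

# Constructed sample flows: (src, dst, proto, port, expected verdict)
FLOWS = [
    ("192.168.20.50", "192.168.10.5", "tcp", 445, "drop"),    # guest -> private file share
    ("192.168.20.50", "192.168.20.1", "udp", 53, "accept"),   # guest -> router DNS
    ("192.168.20.50", "192.168.20.1", "tcp", 443, "drop"),    # guest -> router admin UI
    ("192.168.20.50", "203.0.113.10", "tcp", 443, "accept"),  # guest -> Internet host
    ("192.168.10.5", "203.0.113.10", "tcp", 443, "drop"),     # private source seen on guest VLAN
]

def audit():
    """Return the flows whose verdict differs from the expected one."""
    return [f for f in FLOWS if guest_verdict(*f[:4]) != f[4]]

if __name__ == "__main__":
    for src, dst, proto, port, expected in FLOWS:
        print(f"{src} -> {dst} {proto}/{port}: {guest_verdict(src, dst, proto, port)}")
    print("mismatches:", audit())
```

Rule order matters here: the DNS exception has to sit above the RFC 1918 drop, and the drop has to sit above the catch-all accept, or the guest VLAN gains a path to the private subnet.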
First guy is right, no way this is supported with your router. How about broadcasting your guest SSID and not broadcasting your personal one. First layer of security. Set up QoS to favor the personal SSID. Set up an ACL if you can, but allow your SSID to avoid the additional lockdown rules. You might need a separate firewall to accommodate these rules though. Google non-broadcasted SSID, VLAN setup and ACL modifications. If you really understand what you will end up reading, then go buy a Cisco switch, and you might want to get a CCNA because this isn't novice stuff. What are you trying to protect that having a separate network would be needed, credit card numbers? Probably cheaper and easier to maintain your network by locking down your data with security permissions instead of trying to network the security.
 
