Security / isolation between two WLANs in office??

stevecon59

Apr 6, 2011
I have a Comcast broadband connection that provides internet connectivity in my wife's spa. The DHCP server in the cable modem / router is handing out 10.1.10.x IP addresses to the Reception PC adjacent to it, and to a wireless "N" Tenda router that is configured as a switch by keeping the WAN port disconnected and DHCP disabled. The wireless "N" router provides wireless connectivity for the office personnel and wired connections to the Office PC, a LinkSys VOIP telephone adapter and a LinkSys wireless "B" router with the DHCP server enabled for customer usage on a 192.168.100.x network. Basically, I'm keeping the office & employee equipment on the 10.1.10.x LAN & WLAN, and the customers on a 192.168.100.x WLAN.

All this was done to keep the office network equipment, phones, wireless devices isolated as much as I could from the customer wireless network. Besides the simple steps such as not broadcasting any SSIDs, employing WPA security and use of two different LANs, what else can I do *or* do differently to make it harder for prying eyes to gain access to the office LAN?

Thanks!
 
Actually there is a way,


If I understand your question correctly... You've got a business network with some PCs / POS stations, then you want wireless for your guests... Right now you have a router handing out DHCP, a switch providing access for all the wired devices, and a wireless router in AP mode for the wireless?

What you can do on the Linksys "B" router is take the Ethernet cable that's on the LAN side of the Linksys router, and move it to the WAN port of the Linksys router (so the cable that's connecting it to the rest of the network right now). Program the WAN IP address to STATIC using 10.1.10.254 or any other address on the internal LAN side, and also specify the default gateway of the 10.1.10's and the DNS server in the WAN IP address fields. Once done, you've added that router as a device on the 10.1.10.x network, but everything behind it can't get through to the internal LAN via the wireless.

What this will do is still allow the same level of wireless communication and internet access, but it will use the Linksys's NATing feature as a firewall, so that no amount of Wi-Fi hacking etc. will ever let them into the 10.1.10.x network; it can only talk to the gateway. Effectively they are two separate networks.
 



My understanding was that this is his setup, and he wants to know if there is anything else he can do to increase the security.
 
Which there is, by using the NATing trick. It's a low-cost solution to isolate a wireless router's traffic from an internal LAN, and keep two DHCP servers running, and still have internet access etc.
 
You have 3 good options.

1. If the unit can put an access list on the inside interface denying one network access to the other, take that option. It is easy and most routers have firewalls. It has a performance penalty if you do that.

2. The second option is to get a VLAN-capable router that can do VRF to segregate the networks. Cisco does that. Put one VLAN on the 10. network and one VLAN on the 192 network. Have your ISP do firewall service for both, or do firewall service yourself.
You need a router such as a Cisco 877, 1921 or something like that, depending on your network access.

3. The simple method, but more expensive because it needs a second internet connection that you need to pay for forever.
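
The access-list approach in option 1, modelled as an added example that is not part of any post in this thread: a first-match ACL for the thread's two subnets, checked against constructed probe packets, plus the same rules in the wrong order to show how a misplaced broad permit silently removes the isolation. The gateway address 10.1.10.1 and the individual host addresses are assumptions, and the ACL is assumed to sit where guest source addresses are still visible (before any NAT).

```python
import ipaddress

OFFICE = ipaddress.ip_network("10.1.10.0/24")     # office LAN/WLAN from the thread
GUEST = ipaddress.ip_network("192.168.100.0/24")  # customer WLAN from the thread
GATEWAY = ipaddress.ip_network("10.1.10.1/32")    # assumed address of the cable gateway
ANY = ipaddress.ip_network("0.0.0.0/0")

# First-match ACL for traffic from the guest side: (action, source, destination).
GUEST_ACL = [
    ("permit", GUEST, GATEWAY),  # guests may reach the gateway only
    ("deny", GUEST, OFFICE),     # nothing else on the office LAN
    ("permit", GUEST, ANY),      # everything else is Internet-bound
]

# Same rules with the broad permit moved first: the deny is never reached.
MISORDERED_ACL = [GUEST_ACL[2], GUEST_ACL[0], GUEST_ACL[1]]


def evaluate(acl, src, dst):
    """Return the action of the first matching rule; implicit deny if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def audit(acl, probes):
    """Return (src, dst, expected, actual) for every probe with the wrong verdict."""
    failures = []
    for src, dst, expected in probes:
        actual = evaluate(acl, src, dst)
        if actual != expected:
            failures.append((src, dst, expected, actual))
    return failures


# Constructed probes: (source, destination, expected verdict).
PROBES = [
    ("192.168.100.50", "10.1.10.1", "permit"),     # guest -> gateway
    ("192.168.100.50", "10.1.10.20", "deny"),      # guest -> office PC (constructed)
    ("192.168.100.50", "10.1.10.30", "deny"),      # guest -> VoIP adapter (constructed)
    ("192.168.100.50", "203.0.113.10", "permit"),  # guest -> Internet (documentation range)
]

if __name__ == "__main__":
    print("correct order, failed probes:", audit(GUEST_ACL, PROBES))
    print("misordered, failed probes:  ", audit(MISORDERED_ACL, PROBES))
```

Running the same probe list against the real device after every rule change (for example with ping or a port check from a guest client) confirms that the configured order matches the intended one.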