site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Wireless Security > Restricting Wireless users from accessing LAN workgroups

Search Topic:
 Uniqs:
1890		 Share Topic
Posting?
Post a:
Post a:
Links: ·Forum Guidelines ·Wireless Security FAQ ·Keith's FAQ
AuthorAll Replies

mcnab

join:2003-09-17
Beverly Hills, CA

Restricting Wireless users from accessing LAN workgroups

Hi everyone,

I have a Buffalo WHR-HP-G54 running Tomato Firmware.

I have 4 computers setup on my internal (Wired) network, and they access data off a "mapped network drive" that I setup.

I want to offer Wifi access to customers, but currently if I connect any computer to the wireless (secured or unsecured) they have access to the same network drive / workgroup computers as if they were wired.

I've read there are "guest zones" available on some wireless firmware so that you can setup different zones and restrict my customers from only using the wireless (and not accessing my internal network).

Should I be doing this router / wireless side? or should I be configuring something differently on my small internal network?
to forum · permalink · 2011-05-25 05:12:13 ·


SoonerAl
Old enough to know better
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

Click for full size
Router with guest WLAN functionality
Click for full size
Dual router scheme
There a couple of ways to do this...

1. Purchase a router, or install third-party firmware on an existing router, that offers a seperate guest wireless LAN function. I have a ZyXEL NBG334W that has this feature. See the first screen shot as an example.

2. Purchase a second wireless router and connect it to your existing network but in front of the router for your protected network. See the second screen shot as an example. The private network would have a different subnet than the guest network, ie. private 192.168.2.X and guest 192.168.1.X for example or whatever you choose.
--
"When all else fails read the instructions..."
MS-MVP Windows Expert - Consumer
to forum · permalink · 2011-05-25 05:54:32 ·

HELLFIRE

join:2009-11-25
kudos:4

reply to mcnab
Second SoonerAl's suggestions, it all depends on your needs, your technical skill level and
your budget. Either option will fit your needs, and generally shouldn't involve a big outlay
of cash for equipment.

Best of luck!

Regards

to forum · permalink · 2011-05-25 23:14:57 ·

supergeeky

join:2003-05-09
United State
kudos:3

reply to mcnab
I offer a third option as the more secure and lower potential for problems...

Take the output of the cable modem into a switch...

out of that switch to "company" router

out of that switch to "guest" router

...each router should get their own static IP.

This way:
- the two networks can't talk
- you don't have the double NAT issues associated with one router going through another router
- company users who are visiting or accidentally connect to the guest wireless could still VPN into the company network
- when law enforcement comes asking about suspicious traffic you can easily distinguish from within your company vs. guest wireless

to forum · permalink · 2011-05-26 20:41:38 ·
Forums > Broadband Tech > Security > Wireless Security

Friday, 01-Jun 18:03:13 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics