isolating wireless network from wired

mobri09

I have a wired network setup for my business right now. I wanted to add wireless for some laptops for roaming purposes. Could i add the wireless router to the wired network? Therefore creating another ip address and isolating it from the other wired setup? I read a few articles and it looks like it would just be much much easier to hook up the wireless router and remove the wired router or just pick up an access point? I just have a netgear wireless router sitting here and i would like to take advantage of it. But my main concern is security. I will do my research on this, but just wanted some direction on what path to choose. Thanks

TheShadow

Off the top of my head. I am assuming that you are using cheap SOHO routers. In that case plug the wireless router WAN port into a host port on your wired router. You will probably need to make sure each router uses a different DHCP address pool so they are not supplying the same groups. I have done this before just to show students or to cheaply and quickly give an overview explanation of dual firewall DMZ's. If you are using different router brands you may need to make no changes at all.

Now if you and doing a large setup then you need to carefully research to entire scenario before proceeding. Adding an access point to your existing wired router is a bad move unless you fully understand the security risks involved.

The advantage to the two router approach is that you can isolate access by opening/closing selected ports on the wireless router and/or at the wired router which is what I think you are asking. With price wars going on for the cheap stuff falling to well under $100 it is easy to play around with. Just realize that wireless security is not as simple as it looks. JD and a couple of others will probably join in on that when they return.

JDMurray

Most SOHO routers have NAT and port forwarding capability that will allow you to create additional networks with different IP subnets. Each SOHO router only has two interfaces, so only two subnets per router. You can attach one SOHO router to each port on a switch and really create a complex LAN if you want.

I typically advise people to use a design like this in their home network using two wireless access point router/firewall boxes. One AP router will have private (closed) access to both the LAN and Internet, and the other AP will allow public (open) access to only the Internet. Each AP is on a different channel and SSID and uses a different IP subnet. When your friends come over to your house with their wireless laptops, they'll be able to use the public AP for Internet access without needing to gain access to your private network via your private AP.

mobri09

Excellent! Thank you Shadow and Murray - I Think i have a good path to follow now.

JDMurray

VLANs are a great solution for network segmentation, but it's not a feature of most cheap router firmware.

"wierd clients?"

JDMurray

moagm316 wrote:

oops sorry.

No problem. It just caused my imagination to run wild for a second or two, that's all.

mobri09

Actually these are both basic routers. 1 is a netgear wireless rangemax router and the other is a dlink wired router. I dont think either router has SOHO capabilities. Meaning their is no modem integrated within these routers. There is just 1 single modem that is seperated from the routers givin to us by the ISP.
http://www.netgear.com/pdf_docs/WPN824_ds_29Nov05.qxd.pdf
ftp://ftp10.dlink.com/pdfs/products/DI-707P/DI-707P_ds.pdf