I have to agree with Toby on setting up a separate network for visitor
access.
I have gone to the trouble to wire some Cat5 jacks (color coded) to the
"customer" network and added a cheap wireless AP for customers. This is
routed through an extra Cisco router. This router is set up on a
separate extra external IP provided by our ISP (we needed 2 and got a
block of 5). This provides visitors a wireless or wired connection that
is totally separate from our network yet with a reasonable firewall for
their security. It also has the added benefit of acting as a decoy for
anyone savvy enough to attempt to hack our wireless. Its ID is not
hidden like our internal wireless network and has less security to make
it a more attractive target. It's the old trick of watch my left
hand while my right hand works the magic.
It was not that expensive to set up, and I consider all the parts
involved my "backup" parts for our internal network (I can live without
visitor access for a few days while replacement parts are on the way,
but I don't want my internal network down while I wait for a new router
or AP).
Best of luck,
Aaron Hoyt
Vantage Plastics
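
For the variant discussed in this thread where the visitor network is routed through the same firewall as the internal one, the following added example (not part of any message here) audits an ordered rule list for paths from the guest subnet into internal subnets. The subnets, rule tuples and the implicit-deny default are constructed assumptions, not anyone's actual configuration.

```python
from ipaddress import ip_network

def subtract(net, hole):
    """Parts of `net` not covered by `hole` (CIDR blocks nest or are disjoint)."""
    if not net.overlaps(hole):
        return [net]
    if net.subnet_of(hole):
        return []
    return list(net.address_exclude(hole))

def audit_guest_policy(guest, internal, rules):
    """First-match audit: list every way guest traffic can reach an internal subnet.

    rules: ordered (action, src, dst) tuples; traffic matching no rule is
    denied (assumed implicit deny at the end of the list).
    """
    guest = ip_network(guest)
    findings = []
    for name, cidr in internal.items():
        inside = ip_network(cidr)
        if guest.overlaps(inside):
            findings.append(f"guest {guest} overlaps {name} {inside}")
        remaining = [inside]          # destinations no earlier rule has decided
        for action, src, dst in rules:
            src, dst = ip_network(src), ip_network(dst)
            if not guest.overlaps(src):
                continue              # rule does not apply to guest sources
            undecided = []
            for block in remaining:
                if not block.overlaps(dst):
                    undecided.append(block)
                    continue
                hit = block if block.subnet_of(dst) else dst
                if action == "permit":
                    findings.append(f"permit {src} -> {dst} exposes {name} {hit}")
                if guest.subnet_of(src):
                    undecided.extend(subtract(block, dst))
                else:
                    undecided.append(block)   # only part of guest decided
            remaining = undecided
    return findings

# Constructed sample data: guest on its own IP base, one internal LAN.
GUEST = "192.168.50.0/24"
INTERNAL = {"office LAN": "10.1.0.0/16"}
WEAK = [("permit", GUEST, "0.0.0.0/0")]      # "allow internet" also allows the LAN
FIXED = [("deny", GUEST, "10.0.0.0/8")] + WEAK  # block internal ranges first
```

`audit_guest_policy(GUEST, INTERNAL, WEAK)` reports the exposure, while the `FIXED` ordering returns an empty list.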
Toby Boogerd wrote:
> Your better option is to put the visitors on a separate network and
> route that network through your firewall to allow internet traffic. Even
> if you have to buy a separate wireless router to do this. Just set it up
> with a different IP base than your internal network and route it
> through your firewall.
> Other options include using demilitarized zones and/or VLANs on specific
> ports if hard wiring. Many options depend on your specific setups and
> hardware.
>
> ________________________________
>
> From: Todd Caughey [mailto:caugheyt@...]
> Sent: Monday, September 22, 2008 8:24 AM
> To: vantage@yahoogroups.com
> Subject: RE: [Vantage] O.T. - Wireless LAN
>
> We do this here in a limited fashion. We can access our network via a
> wireless router/switch (although the preferred method for the laptop
> people is wired....much faster) and also provide web access for
> visitors. To login to our network requires our domain name otherwise the
> network validation part fails and it establishes a local login that
> still gives them web access. Most visitors have their home domain name
> in their login so when this fails they get a local login to their
> laptop. But the DHCP server still gives them IP addresses (including
> gateway) and DNS service through the firewall. All this assumes casual
> usage by visitors and not trying to protect from malicious access
> attempts to our network resources. I think the wireless router also does
> some isolation because without logging in to our network all they can
> see in terms of other PCs are the ones linked to the wireless router.
> This was by default right out of the box with a $40 D-Link wireless
> router. I should probably set up WAP security but we are in an isolated
> location too far from roads for the signal to be used outside the
> building so I have never bothered with it.
> -Todd C.
>
> ________________________________
> From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
> Behalf Of randyduly
> Sent: Sunday, September 21, 2008 4:53 PM
> To: vantage@yahoogroups.com
> Subject: [Vantage] O.T. - Wireless LAN
>
> I am wondering what other people have done. I have a network with some
> HP Switches in my wiring closet. I want to set up a wireless LAN for
> our internal Laptop users and also be able to let customers access
> the Internet with their laptop for access to their email or to connect
> to their office. But also to keep the customer from accessing our
> internal network.
>
> I don't want to spend megabucks either. What have others done? Thanks in
> advance.