  1. #1
    Guest

    2 wireless networks and wired network

    Hi
    We are thinking about setting up a wireless network.
    We have 1 set up so people can use it the same as the wired network after they install the certificates and talk to a RADIUS server. No problem so far.

    I also want a less secure wireless for handhelds and phones which allows access to the internet only.

    I would welcome some pointers as to how best to achieve this, taking into account that all signals from the wireless access points will run across our normal wired network and, if possible, even on the same wireless access point.
    VLANs have been mentioned but I'm thinking there must be easier ways to achieve this.

  2. #2

    Ric_

    Re: 2 wireless networks and wired network

    The most sensible way is to use APs that support VLANs (and ideally an access controller - Cisco, BlueSocket, etc.).

    You could have an SSID for unsecured access that is on a VLAN that only allows access to the gateway/proxy and an SSID/VLAN for 'normal' access.

    All the gear sits on the same physical network which you then split up with VLANs to limit access.

  3. #3
    Guest

    Re: 2 wireless networks and wired network

    OK, that's where we are now.
    2 SSIDs on Cisco APs and a Cisco access controller.
    Secure wireless on VLAN 1, same as our wired network, and unsecure wireless on VLAN 2.
    The bit that gets confusing for me is once the VLANs get to our layer 3 switch. I assume I can set some kind of route across, but the problem is our default gateway (firewall) to the internet is on VLAN 1, so once I allow the VLANs to talk, unsecure can reach the wired network.

    Or can I set up some kind of 1-way traffic?
    Sorry if I'm being stupid, this is all new to me.

  4. #4
    sahmeepee

    Re: 2 wireless networks and wired network

    Could you put another NIC into the firewall and hook it up to VLAN 2, then set the firewall/proxy server up to handle the internet access for that VLAN?

    I guess it largely depends on what that box is running...

  5. #5
    Guest

    Re: 2 wireless networks and wired network

    We have a DMZ on the firewall, so if we could get the packets to there I assume we could then route them straight out.
    Am I right in thinking all switches need to be VLAN aware from the APs to the firewall?

    Guess I need a VLAN expert.

  6. #6


    Re: 2 wireless networks and wired network

    Hi,

    Yeah, you would need a switch that is VLAN aware when you connect to your DMZ on your wireless. The thing to do on VLAN 2 is do not assign an IP address; this will stop routing to this VLAN, so your unsecured users cannot access resources (i.e. the traffic routing is stopped), and then you can assign access to resources at the firewall, which is what you want, i.e. able to select what the unsecured clients can access. Now I'm assuming your APs are connected to a port which is configured as trunk? On your VLAN 2 you may want to set up a DHCP server and DNS and set up some forwarders to your ISP or your internal (corporate DNS) servers. This way when clients connect to the unsecured wireless network they will get an IP from this DHCP server as well as the DNS server. You can then create appropriate rules on your firewall for internet access, e-mail, VLE etc.

    Sorry it's a bit confusing, but VLANs are the way to go in these kinds of situations. Let me know if you want to know more.

    Ash.

  7. #7
    Guest

    Re: 2 wireless networks and wired network

    That is exactly what we are trying to do, Ashok.
    So would I need to have a trunk port on all switches in between the APs and the DMZ switch?

    I think we can assign the unsecure SSID to VLAN 2 and then set a different default gateway on that.
    Also having trouble setting a DNS; I'm guessing there is an option on the firewall to pass through DNS calls to the outside.
    Still confused about assigning an IP address to VLAN 2.

  8. #8

    Ric_

    Re: 2 wireless networks and wired network

    You could also put your firewall into both VLANs and set two IPs on the NIC.

  9. #9


    Re: 2 wireless networks and wired network

    Hiya,

    Yes, you would need two NICs on the firewall, one on the normal VLAN 1 in your case and one on VLAN 2 (this makes it easier to assign IPs at the firewall and also makes creating rules easier).

    On your VLAN 2 you will need a server as I mentioned. Now regarding the switches, the trunk port is usually configured on the uplinks between switches, and this trunk port allows traffic from multiple VLANs to be carried across the link. The switches at each end need to be VLAN aware so they would forward the traffic to the appropriate ports (which are configured on the various VLANs). So let's say you have switches as below:

    Core --------> Distribution ------------> Switch -------- AP

    All the dotted-line links will need to be trunk links, i.e. the uplink to the distribution switch will need to be trunk, and then the link from distribution to the switch as well as the link to the AP.

    I'm assuming your RADIUS server is on VLAN 1; this is not a problem as your switches and AP will be able to see the RADIUS server to authenticate clients. This way you can make policies on your RADIUS server and get your users to use the same username and password as their normal logon, so they don't need to remember yet another set of logon credentials.

    On your DHCP server (on VLAN 2) configure the scope options to have a short lease time, i.e. 2 hours or something, and also the Default Gateway, which will be the IP address of your firewall (NIC2), so all traffic is routed through the firewall.

    Regarding the IP address for VLAN 2, what I was saying is don't assign VLAN 2 an IP address (at your layer 3 switch), i.e. leave it unnumbered so it only operates as layer 2 and does not participate in layer 3 routing.

    Sorry if this sounds confusing.

    PM your details and I'll give you a call if you need any help with this.

    Ash.
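
An added example, not part of any post in this thread: a small Python audit of the design described above (trunks carrying VLAN 2 on every hop, no IP on VLAN 2 at the layer 3 switch, firewall NIC as the guest gateway). All device names, subnets and rules are constructed assumptions; the rule check catches the ordering mistake where a broad allow sits ahead of the internal deny.

```python
import ipaddress

# Constructed model of the design in this thread. Every name, address and
# VLAN list is an assumption for illustration, not the poster's network.
GUEST_VLAN = 2
INTERNAL = ipaddress.ip_network("10.0.0.0/16")   # VLAN 1: wired + secure SSID
LINKS = {  # links on the path AP -> firewall and the VLANs each one carries
    ("ap1", "edge-sw"): {1, 2},
    ("edge-sw", "dist-sw"): {1, 2},
    ("dist-sw", "core-sw"): {1, 2},
    ("core-sw", "firewall-nic2"): {2},
}
L3_SWITCH_SVIS = {1: "10.0.0.1/16", 2: None}     # VLAN 2 left unnumbered
# First-match rules on the firewall's guest NIC: (action, destination, port);
# port None means any port.
GUEST_RULES = [
    ("allow", "192.168.2.1/32", 53),   # DNS forwarder on the guest NIC
    ("deny", "10.0.0.0/16", None),     # nothing on the internal VLAN
    ("allow", "0.0.0.0/0", 80),
    ("allow", "0.0.0.0/0", 443),
    ("deny", "0.0.0.0/0", None),
]

def internal_exposure(rules, internal=INTERNAL):
    """Allow rules that can match internal addresses before a full deny."""
    exposed = []
    for action, net, port in rules:
        net = ipaddress.ip_network(net)
        if action == "deny" and port is None and internal.subnet_of(net):
            break                      # internal range fully denied from here
        if action == "allow" and net.overlaps(internal):
            exposed.append((str(net), port))
    return exposed

def audit(links, svis, rules, guest_vlan=GUEST_VLAN):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    for (a, b), vlans in links.items():
        if guest_vlan not in vlans:
            findings.append(f"link {a}-{b} does not carry VLAN {guest_vlan}")
    if svis.get(guest_vlan):
        findings.append(f"L3 switch has an IP on VLAN {guest_vlan}, so it routes it")
    for net, port in internal_exposure(rules):
        findings.append(f"guest rule allows {net} port {port} before internal deny")
    return findings

if __name__ == "__main__":
    for line in audit(LINKS, L3_SWITCH_SVIS, GUEST_RULES) or ["design holds"]:
        print(line)
```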

  10. #10
    Guest

    Re: 2 wireless networks and wired network

    Thank you very much Ash, it's helped me understand a great deal more.
    After talking with some other people as well, I think the 1st job is a 4th NIC card in the firewall, assign that to VLAN 2, and trunking back to the firewall switch shouldn't be an issue.
    I have sent you a PM as well.
