Guest and private Wirless Networks

[fzx5v0]

Hi
I have a
NETGEAR FS116P
6 x Cisco Aironet 1242AP
Juniper SRX firewall

What i want to do is have 2 vlans on the Aironets one for guests and one for internal laptops. What i intend to do is create a trunk from the aironets to the FS116P and then connect the vlans to the firewall via a trunk or separate vlans.

I would allow the guest vlan only access to the internet via an ACL and the private vlan access to servers and internet.

The question i have is this possible NETGEAR FS116P i can not find any documentation that it complies with IEEE 802.1Q standards and supports vlan tagging

Can anyone advise?

Easyinkz Printer cartridges

http://www.easyinkz.co.uk

 

[stubnski]

Hi,

The netgear FS116P is an unmanaged switch that does not support trunking or vlan tagging. You will need another switch for the multiple vlans you require.

 

[dsfcs]

This is similar to my question, although I guess mine is more basic / general.

My client wants to have two wifi networks present at the office: a private one with access to the server and other network resources, and a public one that can be used by customers to access the web. Is there a standard, "accepted" way of doing this?

I already did it for one client using two wireless routers, one connected to the other, relying on NAT translation to protect the two networks from each other, but it was complicated to set up and I question how secure it really is.

It sounds like the solution you are discussing here involves VLANs to keep the two networks separate. If this is the best way to solve the problem, what equipment should I buy? Would I need to buy two separate APs / routers, or would there be a way to set it up using a single router?

Another bit of information that may be useful is that my client may not need to have wifi access for the private half of the network- it might be acceptable to them to have the private network be wired, and the public network be wireless. Does this change the answer to my question? Are there wireless routers that you can buy that can isolate the wired ports from the wifi access point, while giving both networks access to the Internet?

 

[goombawaho]

I went down this road and this was the thread that confirmed what I COULD do. VLANS is the real secure answer.

http://www.tek-tips.com/viewthread.cfm?qid=1653359

 

[dsfcs]

Thanks for the link- although it seems like they are using a DMZ rather than VLANs. Is a DMZ as good as setting up VLANs?

 

[rclarke250]

I use a Netgear WNDR3700 and it is able to separate two wireless vlans. They call it isolation mode. You can even configure it to separate out the 5Ghz, and 2.4Ghz from each other, and isolate only one of them. Set up the guest wireless on either or both radios while leaving your regular wireless network on either or both radios for access to the wired network. For small businesses and home office it is great, I am sure there are other models that could do this and more without resorting to the huge money commitment that is the enterprise class stuff.

 

[Jontu Kontar]

I didn't see anything in the DataSheet that specified 802.1Q support but it did link to an interesting support article.

App. Note: Connecting multiple VLANs between Netgear Switches (Smart, Layer 2, Layer3)

http://kb.netgear.com/app/answers/detail/a_id/11673

 

[fzx5v0]

Hi
I had a look at netgear website and i think I am going to use GS510TP or GS110TP and put a security policy in place on my firewall so the guest wifi can only access the internet


Easyinkz Printer cartridges

http://www.easyinkz.co.uk