Setting Up Public hotspot on Private Network

[thriftwayerics]

I need a solution for installing a public wireless hotspot, but use my existing internet connection. It has to be secure to not allow access to my internal LAN. I have tried the 2 separate networks but we need to branch out more beyond the physical limitations.

T1 internet connection
SonicWALL Pro 2040 firewall
All internal switches support VLAN tagging
Access point currently are all Linksys units.

Does anyone have any solutions?

Thanks!

 

[CiscoGuy33]

thriftwayerics,

I am at a large college and we have Cisco and HP APs all over and we control them by having them all on a seperate VLAN that just allows them access to the Internet and no local LAN side networks.

It would just be a matter of setting a seperate VLAN on the switch for your AP's and then setting the rules in your firewall for your different VLANs.

Hope this helps!

E.A. Broda
CCNA, CCDA, CCAI, Network +

 

[thriftwayerics]

I dont think my Sonicwall Pro 2040 supports VLAN's.

 

[CiscoGuy33]

thriftwayerics,

You said -

"All internal switches support VLAN tagging"

So I assumed that VLAN's were an option, seems that the Sonicwall Pro 2040 should be able to seperate subnets or at least have the LAN and a DMZ on seperate subnets.

I did a little research into the Sonicwall Pro 2040 - seems it can do 25 VLAN Interfaces with the SonicOS Enhanced version.

From Sonic information -

Sonic OS Enhanced:
An optional upgrade, SonicOS Enhanced adds a suite of advanced security and networking features, including ISP failover, object-based management, policy-based NAT and more.

In addition, SonicOS Enhanced activates a fourth interface that can be configured either as an additional LAN, WAN or DMZ, or as a hardware failover port, ensuring continuous network uptime.

AND, it seems with the latest firmware upgrade they now support VLANs, here is what I found in a post about the Sonicwall Pro 2040 and VLANs -

Sonicwall added VLAN support with a latest builds of firmware on the Pro 2040 and 3060.

The current 4.x build has VLAN support, which allows you to create sub-interfaces off of each of the physical interfaces.

Seems you should check with Sonic

Hope this helps!

E.A. Broda
CCNA, CCDA, CCAI, Network +

 

[DTSMAN]

The two seperate networks is the only way to go. We put in point of sale systems in restaurants with wifi connection. The pos server gets two network cards, one to communicate with the pos terminals on one IP schema, and the second for internet access. That is the recommended way by most wifi companies in commercial environments wanting to share their internet access with their patrons.
The most secure way is two different static ips from your ISP and use one for your inhouse systems and the othter for the public.


Bo

Remember,
If the women don't find you handsome,
they should at least find you handy.
(Red Green)

http://www.redgreen.com

 

[Grenage]

We also use VLANs to provide unrestricted Internet access, it's the easiest way to keep your networks separate.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer