PDA

Click to See Complete Forum and Search --> : add wireless to use outside of network for guests

Vanessa
December 29th, 2007, 03:34 PM
I have a T1 network with a Netscreen router to administer a domain network access to internet and internal network. I will be having several people in to do training in two different areas of the building and would like to add one or two wireless routers to give access outside of the internal network. All rooms are cat5 wired. Can I run another cat5 cable from the netscreen box to one of the rooms and put a wireless router in the room to give access to 8 to 10 wired and wireless users. Will the wireless router give them new IP addresses and can they use the same 192.168.1.xxx as the internal network? Does this new wire need to have a new gateway of like 192.168.1.2, Would the security be best by allowing only certain MAC addresses or will WPA2 be good enough? I need to purchase the equipment this weekend so I was looking at a Linksys WAP2000 router. Any ideas? Thanks for any help you might be able to give.
Tuttle
December 29th, 2007, 07:44 PM
If the Netscreen box has multiple internal interfaces and lets you filter traffic between them, you can approach this like you're planning. The guest bits will be their own networks with their own IP address ranges, and it's up to the configuration on the Netscreen to let them get at the Internet but not the Internal network.

If the Netscreen is more of a SOHO device (where the inside bit is just a regular switch), then what you're trying to do would give everyone full access to the internal network as well.


In terms of wireless security, go for WPA/WPA2 and just write the key on the whiteboard in the room (and change it periodically, eg after each course finishes). MAC filtering isn't security.


The WAP2000 is only an access point, not a router. If the Netscreen box is going to handle DHCP and DNS for the guest networks, then that's all you need. Otherwise, you need something bigger.


If you had more time, you could look at a hotspot system like ChilliSpot (http://www.chillispot.info/) to provide authentication (and monitoring if required), then leave the wireless network unsecured. Probably not something you could just drop in in a couple of days though.