sundance-communications.com/forum Forums VOIP Phones & IP PBX Networking Unsecured wireless

I have a customer who has a boardroom which they rent out. Thy would like to provide wireless internet access in the boardroom while keeping rentors off the office network.

They are using using a Linksys 4 port wireless router. I saw nothing in the setup of the router to seperate the wired ports from the wireless.

Any suggestions.

You could lock out the wired ports.

Siemon LockIT
Panduit BlockOut

I'm not sure what you mean Clinton. They are using the wired ports. I didn't see anyway of "disconnecting" the wired from the wireless.

I just read this, Would this work?
Get a 2nd wired router with DHCP enabled but in a different subnet and move all of the wired computers to it.

Keep the modem connected to the wireless.

Connect a LAN port from the wireless to the WAN port of the new wired. This would give the WAN port of the wired router an IP off the wireless.

The wireless and wired would now have different LAN subnets.

Question, would I get internet access on the across to the wired side?

Marv, could you post the model name?
Generally Linksys routers are low end, and they bridge the wireless and wired LAN segments by default.
I don't think there's a way to unlink them easily. What you propose will not work. The DHCP server (the wireless router) has to be on the same LAN segment as the host device. The one somewhat complicated way is to add a static route between the two routers from say net 192.168.1.x to net 192.168.2.x. Then pass only the WAN traffic to the 2nd router.

Marv, that second router solution will work. You will basically have two routers each with its own DHCP server. The second router's WAN port would plug into a switch port on the first router. You dont have to add any static routes but you do have to make sure the routers are on different subnets. Leave the second router's WAN type as DHCP.

tito, I still don't see how the 2nd router (the wired one) would NOT have access to the wireless segment with the dhcp setup. Aren't they supposed to be entirely separate? I'm sure the renters wouldn't want the machines behind the wired router to be able to browse their network?

Sorry Marv, I misunderstood.

Just to clarify, and correct me if I'm wrong: The router has PCs wired which are on their network, and they want separate wireless access for renters in the boardroom.

If that's the case, I don't see a problem with your 2 router solution. You can chain two routers together using different LAN subnets, they will both have internet access, and hosts on Router A cannot access hosts on router B. This is the essentially the same as the dentist office post.

SPH, the customer's concern is securing their own network and not the public side; had the customer requested two independent networks, then another solution would have been offered. I based my opinion off the initial post which said the customer needed to secure their own network. Whenever someone is using a public network, the responsibility is on them to secure their computers and typically not that of the network owner’s.

That is exactly correct.
I want to secure the wired side from the wireless in the boardroom. I don't care if the wired side will or will not be able to se the renters wireless. It's up to the renter to software firewall their laptop when connected in the boardroom.

Thanks everyone I will propose the two router scenerio.

Clinton, it is an off the shelf Linksys wireless router with 4 wired ports.

Well, I think this is the wrong setup. In a "public" network you (as the renter) don't expect a foreign router (the wired one in this case) to be a part of your LAN. The renter has a reasonable expectation that the provider of public access will not contaminate the renter's internal side, as opposed to safeguarding the external (WAN) side which is the renter's responsibility. As a business decision, it sucks. Certainly, if I was a renter this would be a deal-breaker.
Then there's the legal aspect: what happens if a virus or intrusion attacks the renter's machines from the wired router's LAN? You can scream all you want about how the renter should have also protected their LAN side, which is not really their responsibility anyway. The fact remains, you can be legitimately held responsible for any damages.
Technically, the setup proposed is a de facto static route, only not stated explicitly. Furthermore, there's no need to give the wired router a dhcp address. Give it a static address from the wireless router LAN range. At least that way you can easily administer the wired router from its WAN port. But this is still wrong, because the wired router is still able to route to the wireless segment. As I said previously, I would only allow traffic to/from the wireless router's WAN port to pass through to the wired one.