Suggestion for adding a guest network to our complex network

Dan Gupta

Honorable
Dec 30, 2013
We currently have a non-common network setup. This is because we have two different buildings, and one of the buildings has no physical wired connection; everything is wirelessly bridged over. Our network runs our intranet, IP security cameras, IP phone system and the internet. I wanted to add one guest network (preferably two: one restricted to a few IPs only, another with full internet access) to the existing LAN (only access to the internet, not internal LAN addresses), but only in the building that has no physical wired connection. Because of this, I have no idea how to configure it to work and wanted to see if anyone has suggestions.

So our system currently looks like this:

Building 1 (no guest Wi-Fi needed)
- Cable internet wired connection to modem
- Modem to router with Wi-Fi
- Phone wired connection to Asterisk PBX system
- Asterisk PBX system connected to router LAN
- Router Wi-Fi connected to office laptops
- Router LAN connected to office desktops
- Router LAN connected to outdoor wireless bridge to connect to building 2

Building 2 (want to add 1 or 2 guest Wi-Fi networks)
- Wireless bridge connected to switch
- Switch connected to AP for office laptops
- Switch connected to security camera DVR
- Switch LAN connected to office desktops
- Switch LAN connected to IP phones around the office

So, any suggestions on how to add a guest network to building 2?
 
Solution
You are going to need a device that supports VLANs and has firewall capability. There are a number of commercial routers that can do this, but if you are willing to spend quite a bit of time reading documentation, you can load third-party firmware like dd-wrt on a consumer router.

Now, what I am proposing is not a real guest system that requires any form of unique user authentication; it is only a different wireless network, at most protected by a different shared key. If you need user authentication it is much more complex... dd-wrt can do some of it, but I don't know if that is in the free versions.

A couple of assumptions to make this easier:
1. You can use a single wireless device to cover the whole of building 2 with the guest networks.
2. Traffic is initiated from the guest network toward the LAN or internet, i.e. you do not have servers or shares being opened from the LAN to the guest.

So what you do is put your new router in building 2. It will have its WAN interface connected to the switch and get an address from the main LAN router. You now define multiple VLANs and put DHCP pools in for each. You then define an SSID to tie to each VLAN and set the security parameters.
You of course need to use non-overlapping subnets in the VLANs. Now, to restrict the traffic, you put in IP filters to only allow the traffic to flow to the IPs you want. For example, you could put in a rule that says the guest VLAN that uses IP addresses 10.1.2.0/24 could only go to the internet gateway 192.168.1.1, whereas 10.2.2.0/24 could go to that address plus 192.168.1.10 also.

Of course, it gets much more complex if you need this guest network to exist on both sides of your wireless bridge.
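The filter the answer describes, as an added example that is not part of the original post or the answer: a Python model of the per-VLAN rules with a first-match evaluator, plus a renderer that emits the equivalent iptables FORWARD rules a dd-wrt firewall script would carry. The addresses 192.168.1.1, 192.168.1.10, 10.1.2.0/24 and 10.2.2.0/24 are the answer's; the DNS exception, the choice to block every private range rather than only 192.168.1.0/24, and the sample flows are assumptions. One point to watch when turning the answer's wording into rules: "could only go to the internet gateway 192.168.1.1" has to be implemented as "may reach anything except internal addresses", because an internet-bound packet carries the remote host's address as its destination, not the gateway's, so a filter that only permits destination 192.168.1.1 would block the internet access the guest network is meant to have.

```python
# Added example (not from the original post or the answer): first-match model
# of the guest-VLAN filter, plus an iptables renderer for a dd-wrt-style
# firewall script. Addresses 192.168.1.1, 192.168.1.10, 10.1.2.0/24 and
# 10.2.2.0/24 come from the answer; everything else here is an assumption.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

GATEWAY = ip_network("192.168.1.1/32")       # main LAN router (from the answer)
SHARED_HOST = ip_network("192.168.1.10/32")  # host the second guest VLAN may reach
ANY = ip_network("0.0.0.0/0")

# Guest VLAN subnets from the answer. Which SSID maps to which is assumed.
GUEST_RESTRICTED = ip_network("10.1.2.0/24")  # internet only
GUEST_FULL = ip_network("10.2.2.0/24")        # internet plus SHARED_HOST

# Assumption: block every private range, not just 192.168.1.0/24. This also
# covers guest-to-guest forwarding and any subnet added to the main LAN later.
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    src: IPv4Network
    dst: IPv4Network
    action: str                  # "ACCEPT" or "DROP"
    proto: str = "all"           # "all", "tcp" or "udp"
    dport: Optional[int] = None  # only meaningful with tcp/udp


def build_policy() -> List[Rule]:
    """Ordered rules, first match wins; anything unmatched is dropped."""
    rules: List[Rule] = []
    for net in (GUEST_RESTRICTED, GUEST_FULL):
        # Assumption: guests resolve names through the main router's DNS forwarder.
        rules.append(Rule(net, GATEWAY, "ACCEPT", "udp", 53))
        rules.append(Rule(net, GATEWAY, "ACCEPT", "tcp", 53))
    # The one internal host the second guest network is allowed to reach.
    rules.append(Rule(GUEST_FULL, SHARED_HOST, "ACCEPT"))
    for net in (GUEST_RESTRICTED, GUEST_FULL):
        for priv in PRIVATE:
            rules.append(Rule(net, priv, "DROP"))  # PBX, DVR, phones, desktops, other VLAN
        rules.append(Rule(net, ANY, "ACCEPT"))     # whatever is left is the internet
    return rules


def evaluate(policy: List[Rule], src: str, dst: str,
             proto: str = "tcp", dport: Optional[int] = None) -> str:
    """Decide one forwarded flow the way the ordered rule list would."""
    s, d = ip_address(src), ip_address(dst)
    for r in policy:
        if s not in r.src or d not in r.dst:
            continue
        if r.proto != "all" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "DROP"  # default deny for anything the explicit rules did not cover


def to_iptables(policy: List[Rule]) -> List[str]:
    """Render the policy as FORWARD-chain commands for the guest router."""
    lines = []
    for r in policy:
        cmd = f"iptables -A FORWARD -s {r.src} -d {r.dst}"
        if r.proto != "all":
            cmd += f" -p {r.proto}"
            if r.dport is not None:
                cmd += f" --dport {r.dport}"
        lines.append(cmd + f" -j {r.action}")
    # Explicit default-deny per guest subnet, mirroring evaluate()'s fallthrough.
    for net in (GUEST_RESTRICTED, GUEST_FULL):
        lines.append(f"iptables -A FORWARD -s {net} -j DROP")
    return lines


if __name__ == "__main__":
    policy = build_policy()
    # Constructed sample flows; the verdicts are what the rule list yields.
    for src, dst, proto, port in [
        ("10.1.2.20", "93.184.216.34", "tcp", 443),  # restricted guest to the internet
        ("10.1.2.20", "192.168.1.10", "tcp", 445),   # restricted guest to the shared host
        ("10.2.2.20", "192.168.1.10", "tcp", 445),   # full guest to the shared host
        ("10.1.2.20", "192.168.1.1", "tcp", 80),     # guest to the main router's admin page
        ("10.1.2.20", "10.2.2.5", "tcp", 22),        # guest to the other guest VLAN
    ]:
        print(f"{src} -> {dst}:{port}/{proto}: {evaluate(policy, src, dst, proto, port)}")
    print("\n".join(to_iptables(policy)))
```

Running the block prints the verdict for each sample flow and the rendered rule list. On a dd-wrt router the rendered lines belong in the firewall script and must come before any broad ACCEPT in FORWARD. The model only covers forwarded traffic; the guest router's own INPUT chain needs matching rules so guest clients cannot reach its admin interface, and DHCP for the guest pools is answered by the guest router itself, so it never crosses these rules.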