2 Subnets on a network with many access points

jfried4

Aug 5, 2016
Hello,

I'm trying to set up a network for a hotel installation, where the desire is to have 1 seamless network for guests across a large area (multiple APs required), and a physical network for our internal PCs, which require access to a server that's connected in the basement. Our ability to add new wiring is quite limited.

Our current network layout consists of the following:

Cable modem providing internet access. A dlink 850 router connected to that, acting as our DHCP server.

There is a ~20 port switch attached to that dlink router, which distributes the ethernet throughout the property.

In many of our public areas, we have dlink 650 routers set up as access points (all on the 192.168.1.X subnet), as many of these areas also require an internal PC to be connected to the network.

I was wondering if there's any way to configure it so that our wifi clients are all served a different network, but that the primary router acts as the DHCP server, enabling users to walk around the property, picking up the strongest network; or what is the best way to create some level of security between guest and internal computers?
 
Not with the equipment you have. You need more commercial equipment. Pretty much what you are describing is simple vlans. You have 2 virtual networks hooked to all the equipment using the cable to carry both networks.

You pretty much are going to have to scrap everything except your wiring. You need some form of managed switch which supports VLANs. There are many fairly inexpensive ones. The router and the AP though are going to be a little harder. The brand commonly used by smaller installations is Ubiquiti but there are a few others. Most large organizations use expensive systems from Cisco, Avaya, HP etc.

I am surprised that you just use a simple guest network. Most hotels have the need to limit who can actually use the guest network because of the massive abuse by some small group of individuals.

 

jfried4

Aug 5, 2016
Thanks.

Can anyone recommend a setup on equipment?

We've purchased a Linksys LRT224 router (we want to have redundant internet connections), which supports VLANs. Do I need to replace the 20 port switch with one that also supports VLANs? If so, does it need to be a "managed" switch?

Do I also need to replace all of the various routers / APs located around the property with ones that support VLANs?
 

nikononiko

Sep 24, 2016
Hi, not sure, but maybe this example will help you, depending on the equipment you have available.

To make it simpler to present what I'm trying to do, let's say I have a modem router as the first device and a Wi-Fi router as the second device.

Let's say that you can configure your modem as DHCP server with network IP 192.168.2.1 (avoiding a default device IP such as 192.168.0.1) with subnet mask 255.255.0.0.
Configure, for example, the internet connection (username and password).

Then configure your 2nd router with a local IP, for example 192.168.3.1, with subnet mask 255.255.255.0.
On the second device you can use DHCP as relay, assigning 192.168.2.1 as DHCP server.
Configure your Wi-Fi (name and password).

Now you must configure these 2 devices to work together - the hardest part. With some devices you can simply use an option like bridge connection, or you must configure it as static IP. In the second scenario you can use the router WAN as external IP and join it to network 1, which is like 192.168.2.2 with subnet mask 255.255.0.0 and gateway 192.168.2.1.
NOTE: this is done on the 2nd device.
This would be the result:

2 separate networks

192.168.2.??? - we will call it public

192.168.3.??? - we will call it private

If any device connects through Wi-Fi or LAN with auto configuration, DHCP will assign it to the public network.
It has internet access and shares on that network.

But for accessing our private network you must configure each device, for example a PC:
192.168.3.???
255.255.255.0
192.168.2.1
NOTE: some older devices (routers) can't resolve the gateway even if you make it static (earlier step) and will use their local IP as gateway, but your PC can go out if you enter it here.

All that is left is the DNS of your provider. Enter it, and
the result is you have your 2nd network with internet access and your shares.

If you don't want to allow internet on one PC you can skip the DNS step, or you can change the gateway to the 2nd device (router) IP - and I believe it shouldn't be able to go out. I know that if the 2nd router can't resolve the gateway, using its IP would result in no internet. Probably the result would be the same in the other case too, since you are directing it to the wrong address.

Keep in mind that some of this is tested but not all. Also, I'm not an expert :). You can see the limitations of this example from the IP addresses - compare it to your needs and the equipment you have available. Maybe this can be your starting point to make something of your own. Also, you should think about how secure it is.

I hope this helps you ...
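
An added check of the addressing plan described in the post above (not part of the post): it works out which hosts treat each other as on-link, using Python's `ipaddress` module. The masks and router addresses come from the post; the two host addresses, the host names, and the assumption that both ranges share one Ethernet segment (as on the original poster's flat switch, or in bridge mode) are constructed for illustration.

```python
import ipaddress

# Masks and router addresses are from the post; the two host addresses are constructed.
HOSTS = {
    "modem-router": ipaddress.ip_interface("192.168.2.1/255.255.0.0"),
    "guest-laptop": ipaddress.ip_interface("192.168.2.50/255.255.0.0"),
    "second-router-lan": ipaddress.ip_interface("192.168.3.1/255.255.255.0"),
    "private-pc": ipaddress.ip_interface("192.168.3.10/255.255.255.0"),
}
PRIVATE_PC_GATEWAY = ipaddress.ip_address("192.168.2.1")  # gateway given in the post


def on_link(src, dst_ip):
    """True if src's own mask says dst_ip is local, so it ARPs instead of routing."""
    return dst_ip in src.network


def direct_paths(hosts):
    """Sorted (src, dst) pairs that send directly when they share one segment."""
    return sorted(
        (s, d)
        for s, s_if in hosts.items()
        for d, d_if in hosts.items()
        if s != d and on_link(s_if, d_if.ip)
    )


def plan_report(hosts, guest_name, pc_name, gateway):
    """Summarise how far the two address ranges are actually separated."""
    nets = {i.network for i in hosts.values()}
    return {
        "ranges_overlap": any(a != b and a.overlaps(b) for a in nets for b in nets),
        "guest_to_private_direct": (guest_name, pc_name) in direct_paths(hosts),
        "pc_gateway_on_link": on_link(hosts[pc_name], gateway),
    }


if __name__ == "__main__":
    for pair in direct_paths(HOSTS):
        print("direct:", *pair)
    print(plan_report(HOSTS, "guest-laptop", "private-pc", PRIVATE_PC_GATEWAY))
```

With the 255.255.0.0 mask the public hosts treat 192.168.3.x as local, so on a shared segment that traffic never crosses a router where it could be filtered. The report also shows the private PC's gateway lies outside its own /24.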
 

You would have to replace anything that needs to use both VLANs on the same equipment. Likely the switch, and it has to be some form of managed because you must tell it what ports are on what VLANs. Many manufacturers have lots of silly names for switches that can be configured, but for some reason they don't want to call them managed.

You could run the APs without VLANs if you use them for a dedicated purpose. You would plug them into ports on the switch defined to different VLANs. It will likely be simpler to get APs that support VLANs. Ubiquiti sells APs that are inexpensive and have many of the features of high-end commercial stuff.
 
Solution
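
The port-to-VLAN assignment described in the answer above can be checked on paper before any hardware is bought. This added example (not from the thread and not any vendor's configuration format) audits a switch port plan for the two cases the answer raises: equipment that must carry both VLANs, and APs dedicated to one VLAN on an access port. VLAN IDs, port numbers and device names are constructed.

```python
# VLAN IDs, port numbers and device names are constructed for illustration.
INTERNAL, GUEST = 10, 20
EXPECTED_VLAN = {"internal": INTERNAL, "guest": GUEST}

PLAN = [
    # (port, mode, vlans, device is VLAN-aware, [(device behind the port, role)])
    (1, "trunk", {INTERNAL, GUEST}, True, [("router", "infra")]),
    (2, "access", {INTERNAL}, False, [("basement-server", "internal")]),
    # AP without VLAN support, dedicated to guests on a guest-only port.
    (3, "access", {GUEST}, False, [("ap-pool", "guest")]),
    # VLAN-capable AP that separates the two networks itself.
    (4, "trunk", {INTERNAL, GUEST}, True, [("ap-lobby", "infra")]),
    # AP without VLAN support that also feeds a wired internal PC.
    (5, "access", {GUEST}, False, [("ap-bar", "guest"), ("bar-pc", "internal")]),
    # Both VLANs sent to a device that cannot tell them apart.
    (6, "trunk", {INTERNAL, GUEST}, False, [("ap-old", "guest")]),
]


def audit(plan):
    """Return (port, finding) tuples for ports that break guest/internal separation."""
    findings = []
    for port, mode, vlans, vlan_aware, devices in plan:
        if mode == "trunk":
            if not vlan_aware:
                findings.append((port, "trunk to a device that cannot separate VLANs"))
            continue
        if len(vlans) != 1:
            findings.append((port, "access port needs exactly one VLAN"))
            continue
        (vlan,) = vlans
        # Everything behind an access port lands in that port's single VLAN.
        for name, role in devices:
            expected = EXPECTED_VLAN.get(role)
            if expected is not None and expected != vlan:
                findings.append((port, f"{name} ({role}) lands in VLAN {vlan}"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(PLAN):
        print(f"port {port}: {finding}")
```

Port 5 is the layout from the original question: an internal PC wired through a consumer router used as an AP ends up on the guest VLAN unless that location gets its own internal-VLAN port or a VLAN-capable device.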