Separating Wired and Wireless Networks

Thanks Steve

The wired network Netgear device seems pretty stable - the wireless was inherited so worth investigating

I think you are right there.

Surely it would be important that this worked the other way and protected LAN clients from wireless clients!

Not heard of these but will check it out.

Phil

Thanks to all respondents - it looks like I will need to spend money, or accept the run-of-the-mill security here.

Phil

snip

Thanks John

It looks like combining the above weakish measures with your wireless isolation is probably the best I can do without spending on a more sophisticated device. Trouble is that family members are used to other vanilla setups where there is no security and everything just works! I suspec that they will be un-impressed if the wireless isolation prevents printing...

Phil

That's because in common with most home wifi routers its a router connected to a switch and the WAP hangs off the switch.

Not with a WAP, you need something with a router in it and WAPs don't have one.

You can do that with a Netgear (or any other) cable router if you ignore the LAN ports on the switch as you then have a LAN port a router and an AP.

You can't usually do that with an adsl router (like the dg834g) as the LAN ports are all on the same switch along with the wap.

exactly. you want access between people on the 'extended wifi lan' so there is little point in separating them.

The only real use is to set up a 'guest room' lan' where guests can get to the internet, but not to your lan.

I however, trust my guests.

If you happen to have a spare PC and some spare NICs, install smoothwall or IPcop. That will do a WAN port, A wired network port, a wireless network port and a DMZ network port.

Some routers support Enterprise Authentication Protocol (EAP) where the person wishing to access the wireless network needs to type in a user ID and password and then the WIFi router can then authenticate the user as well as the SSID, IP addy and MAC address.

Although as I mentioned earlier, the 834G does support wireless isolation as an option which means wireless clients can be restricted from access to anything on the LAN, or each other, and can only use the connection for access to the WAN connection. Likewise LAN clients can't see the WiFi ones.

The PC running my Smoothwall cost £10 on eBay & the NICs came out of the junk box at work.

+1 keeping the firewall on a wireless router tends to stop sharing of files and printers between wired and wireless PCs which can be a pain at times. I wired everywhere up but still have had to add two APs ( using redundant wireless routers) so smartphones. ebook readers and tablets can hookup easily. Keeping it simple pays dividends when something appears to misbehave which will always happen at a critical moment.

Sorry dennis old fruity but that's incorrect. A good proportion of WAPs have a router built in.

Then its not a WAP then is it.

Listen carefully grasshopper and you can hear the familiar sound of one dennis wriggling.