Wireless guest access

We would like to offer our guest wireless access to the internet. We
have a two nic setup with the wireless access point connected to our
switch. Can someone point me in a secure way of setting this up?
Thanks in advance. Our setup is as below.

Wireless access point > switch > internal nic > sbs2003 > external nic
> router > broadband modem.

Merv
Sat Apr 08 05:38:11 PDT 2006

Move the WAP outside your LAN - i.e., connect it to a port on the router
and have it hand out IP addresses in the same subnet as the router. (This
assumes that you are not currently using it for LAN based workstations).
This will keep the guests off your internal network while giving them
Internet access. If the WAP is now used for LAN workstations, you may need
to get a second WAP and hang it off a port on the router.

--
Merv Porter [SBS MVP]
===================================

<emptybottlechicago@gmail.com> wrote in message
news:1144476002.926227.266030@g10g2000cwb.googlegroups.com...
> We would like to offer our guest wireless access to the internet. We
> have a two nic setup with the wireless access point connected to our
> switch. Can someone point me in a secure way of setting this up?
> Thanks in advance. Our setup is as below.
>
> Wireless access point > switch > internal nic > sbs2003 > external nic
>> router > broadband modem.
>

Owen
Sat Apr 08 08:04:46 PDT 2006

To provide a little more detail to Merv's response:

I am using a configuration like this at one client's site so that an
SBS2003 network and a Guest PC can share a DSL Internet connection:

+-------+
|DSL Mdm| 192.168.1.1
+-------+
|
+-------+ 192.168.2.1
| Router| DHCP Server Enabled -
+-------+ Exclude 1st 10 IPs
| |
| +-------------+
| |
|192.168.2.2 |
| [Ext. NIC] |192.168.2.3
+-------+ +---+
|SBS2003| |WAP|
+-------+ +---+
| [Int. NIC]
|192.168.16.1
|
+--------+
| Switch |
+--------+
| | | |
| | | |
[Domain PCs]

SBS2003 runs either the RRAS or ISA2004 firewall so Ext. NIC
(192.168.2.2) is protected.

Guest PCs with wireless capabilities associate with the WAP and get an
IP address from the (wired) Router.

Since Wireless Routers are easier to find (and often less expensive)
than WAPs, you can use one as a WAP provided you:

- disable the DHCP server on the Wireless Router
- connect an Ethernet cable from the (wired) Router to one of the switch
jacks (there are most often 4) on the Wireless Router. Do NOT connect
anything to the Wireless Router's "WAN" or "Internet" jack.

If you also need wireless access on your internal network, you need a
second WAP - with a different SSID - connected to the switch, with
security enabled. Info about a suggested security configuration can be
found here:

http://home.comcast.net/~clearviewtc/

-- Owen Williams

Les
Sat Apr 08 08:19:16 PDT 2006

IMHO, purchasing an AP is a far easier solution to re-configuring an
all-in-one device as an A/P. But Owen is correct - for some odd reason an AP
is more expensive than a wireless capable router :-(. In that case, you may
elect to simply replace the DSL router with one that has wireless built in.

Most of my SBS networks have two wireless networks, one on the lan and one
external. They all now have wireless routers on the external nic, and AP's
on the switch. The AP's require very little configuration, while
retroconfiguring some routers to work as an AP can be a frustrating
experience.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"Owen Williams" <Owen@NoSpam_CVTCLLC.com> wrote in message
news:MPG.1ea19b1a1f2347cd9897b9@news.microsoft.com...
> To provide a little more detail to Merv's response:
>
> I am using a configuration like this at one client's site so that an
> SBS2003 network and a Guest PC can share a DSL Internet connection:
>
> +-------+
> |DSL Mdm| 192.168.1.1
> +-------+
> |
> +-------+ 192.168.2.1
> | Router| DHCP Server Enabled -
> +-------+ Exclude 1st 10 IPs
> | |
> | +-------------+
> | |
> |192.168.2.2 |
> | [Ext. NIC] |192.168.2.3
> +-------+ +---+
> |SBS2003| |WAP|
> +-------+ +---+
> | [Int. NIC]
> |192.168.16.1
> |
> +--------+
> | Switch |
> +--------+
> | | | |
> | | | |
> [Domain PCs]
>
> SBS2003 runs either the RRAS or ISA2004 firewall so Ext. NIC
> (192.168.2.2) is protected.
>
> Guest PCs with wireless capabilities associate with the WAP and get an
> IP address from the (wired) Router.
>
> Since Wireless Routers are easier to find (and often less expensive)
> than WAPs, you can use one as a WAP provided you:
>
> - disable the DHCP server on the Wireless Router
> - connect an Ethernet cable from the (wired) Router to one of the switch
> jacks (there are most often 4) on the Wireless Router. Do NOT connect
> anything to the Wireless Router's "WAN" or "Internet" jack.
>
> If you also need wireless access on your internal network, you need a
> second WAP - with a different SSID - connected to the switch, with
> security enabled. Info about a suggested security configuration can be
> found here:
>
> http://home.comcast.net/~clearviewtc/
>
> -- Owen Williams

Owen
Sat Apr 08 11:39:02 PDT 2006

In article <uReNP$xWGHA.3684@TK2MSFTNGP05.phx.gbl>,
les.connor@DEL.cfive.ca says...

> IMHO, purchasing an AP is a far easier solution to re-configuring an
> all-in-one device as an A/P. But Owen is correct - for some odd reason an AP
> is more expensive than a wireless capable router :-(. In that case, you may
> elect to simply replace the DSL router with one that has wireless built in.

Good point, Les. I've used this exact config a couple of places and
should have mentioned it - Duh!

I will say I have never had much problem reconfiguring a wireless router
to a WAP, but maybe I should be spending less time with TCP/IP networks
and more with my spouse! 8-)

-- Owen Williams

Russ
Sat Apr 08 12:08:06 PDT 2006

For a Hardware Solution look at the new
SonicWall TZ170W

http://www.sonicwall.com/products/tz170_wireless.html

Anyway it has Guest Accounts that Isolate them just to Internet
Plus along with the other great features of SonicWall

You can also have the accounts automatically expire..

Russ


--
Russ Grover
Small Business IT Support
SBS Rocks!
Portland/Beaverton OR
Email: Sales at SBITS.Biz
Website: http://www.SBITS.Biz


"Owen Williams" <Owen@NoSpam_CVTCLLC.com> wrote in message
news:MPG.1ea1cd4d2038833a9897ba@news.microsoft.com...
> In article <uReNP$xWGHA.3684@TK2MSFTNGP05.phx.gbl>,
> les.connor@DEL.cfive.ca says...
>
>> IMHO, purchasing an AP is a far easier solution to re-configuring an
>> all-in-one device as an A/P. But Owen is correct - for some odd reason an
>> AP
>> is more expensive than a wireless capable router :-(. In that case, you
>> may
>> elect to simply replace the DSL router with one that has wireless built
>> in.
>
> Good point, Les. I've used this exact config a couple of places and
> should have mentioned it - Duh!
>
> I will say I have never had much problem reconfiguring a wireless router
> to a WAP, but maybe I should be spending less time with TCP/IP networks
> and more with my spouse! 8-)
>
> -- Owen Williams

Mark
Sun Apr 09 08:52:28 PDT 2006

FYI, Belkiin $40 at Home Depot can easily change from router to Access Point
and their quality is exceptional from what we've tested. We simply put in a
switch from the ISP and put the WAP on an open network there and then from
the switch into the WAN of the server so it is isolated.


<emptybottlechicago@gmail.com> wrote in message
news:1144476002.926227.266030@g10g2000cwb.googlegroups.com...
> We would like to offer our guest wireless access to the internet. We
> have a two nic setup with the wireless access point connected to our
> switch. Can someone point me in a secure way of setting this up?
> Thanks in advance. Our setup is as below.
>
> Wireless access point > switch > internal nic > sbs2003 > external nic
>> router > broadband modem.
>