|
|
|
Ok here's what I want to do. Have a shop with holiday flat above to which I want to provide guest wireless access. Currently have ISP supplied ADSL2 router which does not have guest network access facilities.
Yes I could replace the ISP�s router. But not actual sure I want to at this stage. In somewhat of a negotiation with them!
I google'd for suitable replacement and was attracted to the Linksys E series routers which have very nice Guest network facilities. (Nice simple hotel style guest landing page and password), Plus (being Cisco) very configurable. But I think the are cable broadband only!
So my question is, could I connect one of these types of routers to a LAN port on the ISP�s router and effectively use it as an Access point? I'd probably disable the wireless and DHCP in the ISP�s router and let the Linksys do all of that. Creating a faster Secure Wired/Wireless LAN for the shop and an open guest wireless LAN for the flat. If so do I use the WAN port on the Linksys or one of the LAN ports?
Or is there a BT ADSL2 version of the Linksys I�m missing
Or an AP that anyone could recommend to do the same thing.
There is the possibility due to the property construction and layout, that whatever I use to provide the Guest access in the flat may have to be relocated to somewhere in said flat to provide adequate coverage. (Though I do see some Down sides, will discuss later)
|
|
|
So my question is, could I connect one of these types of routers to a LAN port on the ISP�s router and effectively use it as an Access point? Yes, you connect it to a LAN port.
.... Creating a faster Secure Wired/Wireless LAN for the shop Connecting the guests in the way you suggest, will give them access to your shop network
You really need to put your shop network behind another firewall.
Line One:- Zen - DrayTek Vigor 2600VG
Line Two:- EntaNet - DrayTek Vigor 2600
|
|
|
|
Ok Yes I see you point attached it to the existing router!
If I ditched the ISP's router is there a linksys or something else that would give me the guest access I'm looking for.
|
|
Register (or login) on our website and you will not see this ad.
|
|
|
Routers with guest networks allow you to have 2 wireless networks total independent of each other so it the OP uses the main wifi/lan for what they like and then set a guest network up which is independent still giving internet access but blocking you from the other side of the lan. Or at least this is how my uncles virgin media super hub works that supports guest networks and usually you can also set different limits on the guest network. E.G. block specific things that wouldn't be blocked on the main wifi so keeps people on guest network from downloading things they shouldn't and so on.
Ash
-------------------------------------------------------------
Virgin Media 50Mb/s
[IMG]http://speed.io/pics/4107/0447/speed.io.png[/IMG]
2004: Blueyonder 256k/512k => 2006: Blueyonder 2Meg => 2009 Virgin Media 10Meg => 2009/10 Virgin Media 50Meg => 21/04/2011 sky Unlimited
Desktop 1 Intel Core i5 2500 4gig DDr3 1333 64GB SSD 250gig sata 3 HDD 1TB sata 2 HDD Blu-ray RW Nvidia 8800GTS Win 7 Pro
Desktop 2 Intel Atom 330 2gig DDR2 677 250gig sata 2 HDD DVD-RW Win 7 Pro
Desktop 3 AMD Phenom 9500 2gig DDR2 677 500gig Sata2 HDD DVD-RW No specific os (test machine) |
|
|
Ok Yes I see you point attached it to the existing router!
If I ditched the ISP's router is there a linksys or something else that would give me the guest access I'm looking for. That's incorrect. The Linksys will work as you want.
|
|
|
Ok Yes I see you point attached it to the existing router!
If I ditched the ISP's router is there a linksys or something else that would give me the guest access I'm looking for. That's incorrect. The Linksys will work as you want.
Whats incorrect? The E Series Linksys routers I think are all cable versions I have yet to find a BT ADSL2/2+ version.
|
|
|
Ok Yes I see you point attached it to the existing router!
If I ditched the ISP's router is there a linksys or something else that would give me the guest access I'm looking for. That's incorrect. The Linksys will work as you want.
Whats incorrect? The E Series Linksys routers I think are all cable versions I have yet to find a BT ADSL2/2+ version.
This is incorrect Connecting the guests in the way you suggest, will give them access to your shop network
|
|
|
This is incorrect Connecting the guests in the way you suggest, will give them access to your shop network
Ok in what way is this incorect? if the linksys is attached to one of the ISP's routers LAN ports the surely it must have access to anything attached to the other LAN ports on the ISP's router?
|
|
|
|
No, it will be on another network.
|
|
|
Routers with guest networks allow you to have 2 wireless networks total independent of each other But that is not what the OP suggested.
You can not have two independent networks if you connect them LAN to LAN.
Or at least this is how my uncles virgin media super hub works Your uncle is on cable. The OP is on ADSL.
Line One:- Zen - DrayTek Vigor 2600VG
Line Two:- EntaNet - DrayTek Vigor 2600
|
|
|
You can not have two independent networks if you connect them LAN to LAN. Why not? Your uncle is on cable. The OP is on ADSL. So?
|
|
|
|
This is true, it will be on another network. However the Linksys router will know the shop network, and will not be designed to protect this shop network from residents on it's network. So if a suitably nosy/malicious person with the requisite knowledge were to join the linksys network they would have access to the shop network.
Now I assume (having done no actual research at this stage) that it would be possible to configure the linksys to block this access, but I doubt it will be straightforward.
The op would be better off getting either a router that allows him to do what he wants, or properly designing a network consisting of modem, router, firewall and access points.
Based upon quite unfounded assumptions about the size of the network the op wants I would advise the single router/firewall route.
|
|
|
This is true, it will be on another network. However the Linksys router will know the shop network, and will not be designed to protect this shop network from residents on it's network. I suggest this is the whole point of the Guest Access setting on the Linksys router.
|
|
|
|
I very much doubt it.
I would suggest the guest access setting is a setting that makes the "guest" client an untrusted network client, and as such prevented from accessing other clients on the protected network. As far as the linksys router is concerned everything it connects, and is within it's LAN segment is protected. Everything outside this is unprotected. This means the shop network, which lies closer to the internet than the linksys network, will therefore be considered untrusted by the firewall on the linksys, and will get no protection by default.
Now as a router designed for the power user or tech enthusiast (I've now done a little more research, but not much) I suspect that this router has the capacity to protect this external network as well, with rather good granularity. However the default is very unlikely to be to protect the external (shop) network out of the box, as it would expect this external network to be the internet (or close to it). It is not a PIX Cisco firewall that by default blocks everything. It is a consumer/prosumer/SOHO router. And this means it will have a "useful" default set up.
|
|
|
I very much doubt it.
I would suggest the guest access setting is a setting that makes the "guest" client an untrusted network client, and as such prevented from accessing other clients on the protected network. As far as the linksys router is concerned everything it connects, and is within it's LAN segment is protected. Everything outside this is unprotected. This means the shop network, which lies closer to the internet than the linksys network, will therefore be considered untrusted by the firewall on the linksys, and will get no protection by default.
Now as a router designed for the power user or tech enthusiast (I've now done a little more research, but not much) I suspect that this router has the capacity to protect this external network as well, with rather good granularity. However the default is very unlikely to be to protect the external (shop) network out of the box, as it would expect this external network to be the internet (or close to it). It is not a PIX Cisco firewall that by default blocks everything. It is a consumer/prosumer/SOHO router. And this means it will have a "useful" default set up. ... made by Cisco.
|
|
|
... made by Cisco. I've used Linksys routers.
If you want Cisco capabilities you buy a Cisco, not a Linksys.
|
|
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
|
|
|
... made by Cisco. I've used Linksys routers.
If you want Cisco capabilities you buy a Cisco, not a Linksys.
A Linksys is a Cisco.
|
|
|
A Linksys is a Cisco. It's got a Cisco logo on it, that's all.
|
|
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
Ha! Like that means anything these days.
Linksys is a Cisco owned brand, but the kit you get is not full on hardcore CISCO kit. It's not even in the same league.
Linksys by CIsco E3000 High-Performance Wireless-N Dual Band Router (the top of the E seires range) £99.99 on DABS
Cisco SA 520 Security Appliance (the cheapest Cisco Firewall available on DABS) £294.24
Now the Cisco SA 520 will absolutely do whatever you want it to in terms of firewall capabilities. But it will not be usable out of the box (unless implicit "Deny All" is useful to you). But it does not have Wireless N let alone dual band, in fact it doesn't have wireless at all. Why would cisco shoot themselves in the foot by offering an all singing all dancing router with dual band wireless N for just over 1/3 of the price of it's lowest price firewall?
The e-series will not be as good a firewall, it will not be as configurable, it will not have the same data throughput. Cisco are good at what they do, but they are greedier than microsoft. They get away with it though because the people doing the buying aren't after cheap they are after good.
|
|
|
|
Would the FON router work?
|
|
|
|
It all depends on how he sets up his network.
He could conceivably put the guest network on his existing ADSL router (without the guest setting being available) and put the shop network on the linksys.
The shop network would be protected, but all users of the "guest" wireless in this set up will be accessible to all other users.
What is important is that any traffic passing from the "guest" network to the shop network passes through a firewall from untrusted to trusted. The guest setting on wireless routers makes the wireless clients untrusted, and as the connection must go through the wireless router (with built in firewall) this protects the LAN segment which is trusted. The WAN segment is typically untrusted, indeed it is typically less trusted than "guest" wireless clients. Hence the issue with the originally suggested set-up using the linksys to provide the guest access.
|
|
|
|
But the FON router manages this just by plugging it in.
|
|
|
|
I assume you mean the BT FON router?
As I understand it this presents a wireless access point as a chargeable service and protects it by creating a VPN from the router, past your network, to a central platform from where the wireless hotspot gets it's internet connectivity.
If I am correct, then this would be suitable (in so far as it would protect the local network from hotspot clients) however I am not confident of my understanding of how the FON products work, and would not personally trust them on my network without doing further research and getting reassurance from the makers.
|
|
|
I assume you mean the BT FON router? No, I mean the FON router which manages this trick which, according to you, the Linksys router cannot - even though it is designed to do this and is manufactured by Cisco, the networking experts.
|
|
|
and is manufactured by Cisco, the networking experts. If you seriously believe that Cisco produce domestic Linksys routers with the same (or even vaguely similar) capabilities to their professional Cisco brand, it explains a great deal about the reliability of your usual advice... and your (totally misplaced) belief in your own infallibility.
|
|
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
You assume the cisco is designed to exist in a multi-subnetted private network. I find this hard to believe. It has too many features to be targeted at the people who would have large enough networks to require separate WAPs, and not enough features to be targeted at businesses that have complex multi-subnetted, multi-firewalled networks.
I believe strongly that it is designed to exist as the sole router on a small network. As such why would it have the features you describe? Particularly as this would tread on the toes of Cisco's much more expensive equipment aimed at big businesses.
The FON is designed to exist within an existing network. As I say however I am not sure if it is safe, and would not trust it myself. But it is conceivable that it could protect the parent network.
It is a matter of designed purpose. Now I also did not say that the linksys could not be made to be safe! However I did say that I doubt doing so would be easy or straightforward.
|
|
|
Your answers are quite right when considered alone.
But put them in the context of the original post. Either what the OP proposed will not work, or there will be security issues.
Line One:- Zen - DrayTek Vigor 2600VG
Line Two:- EntaNet - DrayTek Vigor 2600
|
|
|
Your answers are quite right when considered alone.
But put them in the context of the original post. Either what the OP proposed will not work, or there will be security issues. Exactly what command will the Guest use to access the main network?
|
|
|
For example if the main network uses 192.168.0.x and has a webserver on 192.168.0.22 then doing http://192.168.0.22 from the guest network would let them see this webservice.
Cisco labelling of Linksys kit is just a marketing exercise, and cisco is not as infalliable as some like to believe.
If the linksys E router supports a guest network that protects an ethernet LAN network on the router, then by moving the shop network onto the LAN side of the linksys E you can achieve what you want. BUT this may mean you are double NAT'ing some things on the shop network.
As for linksys E with ADSL modem built in, don't know. BUT a decent ISP will be able to supply a block of static IP's and you can use NON-NAT on the ADSL modem to supply a real IP address to the WAN side of the linksys.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
For example if the main network uses 192.168.0.x and has a webserver on 192.168.0.22 then doing http://192.168.0.22 from the guest network would let them see this webservice. Even if that were true, how would the guest know about 192.166.0.22? or 192.168.0.x for that matter??
|
|
|
|
Well seems I've created a big debate. Thanks for all the input guys most useful.
I conclude that my best bet is to find a ADSL2/2+ router that I can replace the ISP's router with that gives me the Guest access I want.
Any recomendations?
|
|
|
tracert reveals going through a 192.168.0.x address and if you know gateway IP then that would be first target and with a 255.255.255.0 subnet only 255 IP's to query for interesting services.
The FON gets around this by actually using a tunnelled connection, which means the guest users appear as a FON IP address, nothing to do with your broadband IP.
It is also worth considering the legal implications, and how much logging is needed to prove it was not you do carried out various activities
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
tracert reveals going through a 192.168.0.x address and if you know gateway IP then that would be first target and with a 255.255.255.0 subnet only 255 IP's to query for interesting services. The Guest network is a separate network, so your solution won't work.
|
|
|
No it is not, not in the scenario as presented in the original post, bashes head against wall. If the scenario is that the the shop network and guest network are BOTH connected to the LAN side of the linksys then you are right.
OP WAS
INTERNET----ROUTER----SHOP NETWORK----LINKSYS----GUEST NETWORK
reasonable solution would be
INTERNET - NON-NAT ROUTER ---- LINKSYS ----GUEST and SHOP on different LAN ranges, with the guest functionality blocking access to the shop network
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
No it is not, not in the scenario as presented in the original post, bashes head against wall. If the scenario is that the the shop network and guest network are BOTH connected to the LAN side of the linksys then you are right.
OP WAS
INTERNET----ROUTER----SHOP NETWORK----LINKSYS----GUEST NETWORK
reasonable solution would be
INTERNET - NON-NAT ROUTER ---- LINKSYS ----GUEST and SHOP on different LAN ranges, with the guest functionality blocking access to the shop network Ah, I see why you're confused. You're talking about a standard router, but I'm talking about a Linksys E-series with it's Guest Access solution.
|
|
|
In the scenario explain then how
INTERNET----ROUTER----SHOP NETWORK----LINKSYS----GUEST NETWORK
and the Guest Access solution stops people seeing the Shop network, remembering it is effectively on the WAN side of the linksys.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
That's it's Raison d'�tre - that's what it does.
|
|
|
Really it hides content on the WAN side of the router? If it does that then how do people see the internet...think about it for a moment.
The guest mode will only hide a LAN that is connected to the LAN side of the router.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
Really it hides content on the WAN side of the router? If it does that then how do people see the internet...think about it for a moment.
The guest mode will only hide a LAN that is connected to the LAN side of the router. Why not get hold of one and do a review? I don't think you're going to take my word for it...
|
|
|
No, just answer the question.
How does guest mode hide IP addresses on the WAN side of the router?
I fully understand how it stops you from seeing computers on the LAN side, that using the standard wireless or ethernet, but short of creating a tunnel ala FON I don't see how what you suggest you work.
One option would be to configure the routers firewall to block access to the local IP address range that is on the WAN side, BUT you would have to remember to allow the gateway IP address to be visible still.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
No, just answer the question. I have, several times. You don't accept my answer, so either ask Linksys or get a router from Linksys and find out yourself.
|
|
|
From my past experiences, I thought typically these sort of routers created a second NAT?
Therefore mitigating any concerns that the guests can route traffic to the private network?
Shoot me down if I'm wrong 
|
|
|
Second NAT yes thats normall
WAN range ---- ROUTER --- GUEST LAN 10.0.0.x for example
|
-----WORK LAN 172.17.17.x cannot see each other
But both can see everything on the WAN side of the router
Switch from code to pre tag
Edited by MrSaffron (Tue 29-Mar-11 12:26:14)
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
It appears that Batboy is right,
http://www.linksysbycisco.com/UK/en/products/E3000?l...
http://downloads.linksysbycisco.com/downloads/usergu...
...refer to �Simultaneous Networks� on page
9. The Guest Access features allows you to provide Internet
access to guests visiting your home without granting
them access to your local network.
Wireless Configuration (Manual)
Your Linksys E3000 can run two networks at the same time, one network using the 5 GHz radio frequency band and the other network using the 2.4 GHz radio frequency band. This allows you to isolate higher-priority traffic, such as video and voice applications, on the 5 GHz network, which is less prone to interference.
The computers and devices running your video and voice applications can use the 5 GHz network, while your guest access and computers that are only browsing the web can use the 2.4 GHz network.
It doesn't quite state (from what I can see) that the two LANs are specifically firewalled from each other, but it suggests that is what happens.
If you didn't know how to explain it, you could have just said so.
To imply that the "Linksys by Cisco" products are somehow in the same league as the Cisco gear is wrong. One is a range of domestic and small-business grade budget kit, the other isn't. To use an analogy, VAG own both Skoda and Bugatti, it doesn't mean a Fabia is the same as a Veyron.
|
|
|
To use an analogy, VAG own both Skoda and Bugatti, it doesn't mean a Fabia is the same as a Veyron.
You'd be surprised at what VAG do actually share in terms of components between it's lower cost products (VW/Skoda/Seat) and it's super car brands such as Porsche and Lamborghini! Ha!
|
|
|
Batboy is right in that if the two networks are on the LAN side of the Cisco then they can be kept seperate, I've never disagreed with this.
I am being beligerent because the original poster was talking of the following setting
ADSL modem/router ----SHOPNETWORK----CISCO ROUTER WITH WIRELESS GUEST NETWORK
Thus the guest network traffic has to cover the shop network to reach the outside world. Have posted suggestions for setups that would avoid this.
Perhaps I am not explaining myself correctly, but have come across this situation on peoples networks and face to face they have understood me.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
Indeed I don't think there's any problem with your explanation, as much as is possible in a forum without embedded images.
It does sound like the kind of setup best discussed sat in front of a network diagram showing where the data goes, and being limited to ASCII art makes this tricky to clarify.
Even if there is an ADSL version of a router that provides guest Wi-Fi access, I'm not sure that is the best answer for this location. For a router located in a staff area of the shop, the OP can't even assume that this will give a reliable Wi-Fi signal in the flat.
The OP has not said if there is a good reason why the flat cannot have its own independent broadband connection. If budget is an issue, an old PC could run install Smoothwall Express or pfSense.
Granted there is a bit more one-off work involved (adding 1 or 2 network cards), but both of the above can install from a bootable CD and provide proper separation of the networks. The latter could do a captive portal (for the flat or for the shop) and traffic shaping.
A problem I've seen when visiting other setups is that, if the internet works, people assume it's all ok and stop thinking about whether the setup is secure enough.
Whatever route the OP goes down they need to allow for the possibility of needed to run CAT5 to an access point in the flat.
Also, OP should not worry about replacing the "ISP router" with something better suited to the requirements as long as they have a note of the ADSL settings - no reasonable ISP can insist you use their supplied router (though they might get sniffy about answering support questions).
prompt $P - Invalid drive specification - Abort, Retry, Fail? $G
prlzx on n e w n e t Max ADSL
|
|
|
We use to have a setup which consisted of a main wireless router, a second wireless router to cover a dead spot in the house and a third wireless router for guest access. The second and third router had DHCP disabled with ip adresses within the main router range. The guest router also had the "AP Isolation" setting set to enabled . This would prevent the clients connected to the wireless guest AP to have access to other clients or network devices. The guset router had full internet access.. The second and third router were connected by the lan ports and not WAN. Once the "AP Isolation" was set this also prevented access to set up the router by wireless. Further access to settings on the guest router could only be done by a Lan connection.
Most wireless routers now days have the "AP isolation"
This may work for the op
Regards
BP1
BTBroadband
"When everything's coming your way, you're in the wrong lane"
|
|
|
OK wow! What have I started? This is all Great Input! Really big thanks!
Some of my thoughts when reading all your posts! In no particular order:
General comments:
I have confirmed that I �should� be able to replace the ISP�s modem/router with one of my own choice! Currently it�s a Thomson LiveBox supplied by Orange. One DSL/WAN port and 2 (yes 2!) LAN ports, and wireless G
I have read reports that the Linksys E-series are not very good at letting you change the �guest� SSID and password! It apparently gets messed up and you end up having to reset the whole thing! 
prlzx - Yes given the shop and flat construction, I had considered that I may need to run some Cat5 up to the flat and then it would make sense just to use an AP. How though do I prevent the 'flat guests' disconnecting the wired connection to the AP and attaching their devices to the protected LAN. Any AP's you'd recomend?
BP1 - With ref to above Is this the 'AP isolation' you talk of. If fairly sure the current router does not have the 'AP isolation' feature.
shtu - Ok was aware that the Linksys was dual band. But If I understand you correctly if I created a trusted wireless LAN for the shop and a Guest wireless LAN for the flat. Then one would have to run on 2.4Ghz and the other on 5Ghz? Which would be a bummer as it's unlikely that any kit either in the shop or flat will be 5Ghz capable!
BatBoy � Quick Look at the Fon Router and other such devices/services. Not sure? This service is open to the public and then chargeable?
The idea is that we give the �flat guest� the Linksys guest password on arrival. They could then access the web/mail etc during their stay. When they check out we�d change the �guest network� password. Don�t want the guest network to be open, or a chargeable service! Don�t want the guest network to be a WEP/WAP
MrSaffron � Ref your post
Batboy is right in that if the two networks are on the LAN side of the Cisco then they can be kept seperate, I've never disagreed with this.
I am being beligerent because the original poster was talking of the following setting
ADSL modem/router ----SHOPNETWORK----CISCO ROUTER WITH WIRELESS GUEST NETWORK
Thus the guest network traffic has to cover the shop network to reach the outside world. Have posted suggestions for setups that would avoid this.
Perhaps I am not explaining myself correctly, but have come across this situation on peoples networks and face to face they have understood me.
The reason for the original post was that the Linksys E-series are cable routers only. So just to clarify I could do this?
Use the orange router. With WIFI and DHCP disabled. Effectively as a ADSL modem.
Connect the Linksys or suchlike to one of the orange routers LAN ports. The shop LAN and Guest LAN both on the Linksys. With WIFI and DHCP enabled. Yes as you say double NAT�s, but would I if this was a LAN-LAN port connection?
Alternatively:
Use the orange router. With WIFI disabled. And attach a separate switch/AP for the shop to one LAN port and a separate AP for the Flat to the other LAN port? Don�t know what the implications are here!
Finally (for now!) when I started looking into this I did look at Belkin Playmax range of routers. These are ADSL and have the guest facility. But get very bad reviews! Any comments please?
|
|
|
|
The FON thing was just a response to the naysayers who doubted you could achieve what you wanted simply and cheaply. The FON router would not be what you want.
|
|
|
.... the naysayers who doubted you could achieve what you wanted simply and cheaply. Not at all. We just suggested it could be done more securely at the same cost.
Line One:- Zen - DrayTek Vigor 2600VG
Line Two:- EntaNet - DrayTek Vigor 2600
|
|
|
.... the naysayers who doubted you could achieve what you wanted simply and cheaply. Not at all. We just suggested it could be done more securely at the same cost.
He might disagree. I do.
|
|
|
BP1 - With ref to above Is this the 'AP isolation' you talk of. If fairly sure the current router does not have the 'AP isolation' feature.
In the wireless router advanced settings for configuring the wireless setup most routers have a setting called "'AP isolation" . My understanding of this is that when this feature is enabled this prevents the clients connected to the wireless AP on this router from having access to other client machines or network devices. You will of course have internet access.
Or in simple terms prevents one wireless client communicating with another wireless client I have seen this on most Linksys routers. Not to sure on the newer ones.
This setup worked perfectly for us as guest clients could not have access to any part of the network except for browsing the internet. Keep this in mind if you do find this feature because it will also prevent you from accessing the router settings wirelessly. If you do need to get into the guest router to alter settings then this can be done via a wired lan connection.
The one we originally used for this for guests was a Linksys WRT54G with the DDWRT firmware connected to the main internet router via a lan cable connected to the lan ports(Not WAN)
Regards
BP1
BTBroadband
"When everything's coming your way, you're in the wrong lane"
|
|
|
|
I did not say it couldn't be done, nor did I say it couldn't be done cheaply and easily.
I simply wanted to warn off the idea that the simple solution from the op would work flawlessly and be eminently secure as you were stating.
Your advice in this thread has been incorrect from a technical standpoint, irrelevant and distracting when trying to defend your view of networking, and as a consequence of these dangerous for the op.
Fortunately the OP appears to have picked up on the advice of the "naysayers" and is heading for a simple, cheap, and secure solution for his problem.
|
|
|
I did not say it couldn't be done, nor did I say it couldn't be done cheaply and easily.
I simply wanted to warn off the idea that the simple solution from the op would work flawlessly and be eminently secure as you were stating.
Your advice in this thread has been incorrect from a technical standpoint, irrelevant and distracting when trying to defend your view of networking, and as a consequence of these dangerous for the op. I disagree. Please explain?
|
|
|
I disagree. Please explain? Now there's a shock.
I have already explained, at length, why your statements regarding the relative safety of the solution proposed in the op are incorrect. Also MrSaffron, who I would credit with greater knowledge in this area than myself, has explained why your statements surrounding networking are technically incorrect. I would suggest he has done a far better job of explaining things than I.
Why should I flog a dead horse based on nothing more than "I disagree"
|
|
|
I disagree. Please explain? Now there's a shock.
I have already explained, at length, why your statements regarding the relative safety of the solution proposed in the op are incorrect. Also MrSaffron, who I would credit with greater knowledge in this area than myself, has explained why your statements surrounding networking are technically incorrect. I would suggest he has done a far better job of explaining things than I.
Why should I flog a dead horse based on nothing more than "I disagree"
I knew you couldn't back up your ridiculous statement. Put up or shut up.
|
|
|
.... the naysayers who doubted you could achieve what you wanted simply and cheaply. Not at all. We just suggested it could be done more securely at the same cost.
He might disagree. I do.
We certainly didn't doubt he could achieve what he wanted simply and cheaply.
Line One:- Zen - DrayTek Vigor 2600VG
Line Two:- EntaNet - DrayTek Vigor 2600
|
|
|
... nested quotes trimmed ... Not at all. We just suggested it could be done more securely at the same cost.
He might disagree. I do.
We certainly didn't doubt he could achieve what he wanted simply and cheaply.
Who's this "we"? There's only you,
|
|
|
Why should I flog a dead horse based on nothing more than "I disagree" I knew you couldn't back up your ridiculous statement. Put up or shut up.
So, just to be clear, your response to not making a counter argument for me to dispute and being pulled up on it is to complain that I haven't made a counter argument?
As I have already said, I have explained, in detail, elsewhere in this thread, why the points you have made are wrong. Someone else has made the same arguments as I have, although I admit they did a better job of explaining things than I did.
Give me some reason why you think I am wrong and I will make a counter point, oherwise all I will be able to do is repeat myself, and others, incessantly.
So "put up or shut up" indeed.
|
|
|
I knew you couldn't back up your ridiculous statement. Put up or shut up. As I have already said, I have explained, in detail, elsewhere in this thread, why the points you have made are wrong.
If that were true, it wouldn't be too hard for you to repeat them in a single post. Would it? 
|
|
|
If that were true, it wouldn't be too hard for you to repeat them in a single post. Would it? No, but that is not the point. You are asking me to dispute the indisputable. I cannot argue that you do not disagree with me, as you clearly do disagree with me. Give me a reason why you disagree with me and I can dispute that reason. If you want me to repeat my counter points then repeat the statement that they were counter points too. That shouldn't be too hard to do should it?
But as they have already been shown, from multiple angles, to be wrong, it would result in a circular argument.
If you want education on networking theories and practises then telling someone who is trying to offer help and advise to a third party that they are wrong is at best rude and counter productive.
A debate requires fresh points to be raised, otherwise it's just an unproductive argument.
Repeating myself for no good reason would make me the one turning it into an unproductive argument. I'd much rather steer the conversation towards a productive debate, even if I'm not very good at it at times.
So tell me why you think I'm wrong, and I shall enter into a debate, that hopefully will educate one or both of us, but otherwise I'm afraid I shall have to leave you non the wiser.
|
|
|
If that were true, it wouldn't be too hard for you to repeat them in a single post. Would it? No, but that is not the point. You are asking me to dispute the indisputable. I cannot argue that you do not disagree with me, as you clearly do disagree with me. Give me a reason why you disagree with me and I can dispute that reason. If you want me to repeat my counter points then repeat the statement that they were counter points too. That shouldn't be too hard to do should it?
But as they have already been shown, from multiple angles, to be wrong, it would result in a circular argument.
If you want education on networking theories and practises then telling someone who is trying to offer help and advise to a third party that they are wrong is at best rude and counter productive.
A debate requires fresh points to be raised, otherwise it's just an unproductive argument.
Repeating myself for no good reason would make me the one turning it into an unproductive argument. I'd much rather steer the conversation towards a productive debate, even if I'm not very good at it at times.
So tell me why you think I'm wrong, and I shall enter into a debate, that hopefully will educate one or both of us, but otherwise I'm afraid I shall have to leave you non the wiser.
Ok, you're obviously not going to put up, and I'm not surprised, so you know what to do...
|
|
|
you're obviously not going to put up And you never shut up, but it's a course of action that you should seriously consider.
|
|
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
|
|
|
For someone who has the text "attack the post not the poster" in their sig you are doing a very good job of making straw man arguments.
So lets see who is not "putting up" shall we.
the last reposte you made against me was No, I mean the FON router which manages this trick which, according to you, the Linksys router cannot - even though it is designed to do this and is manufactured by Cisco, the networking experts. To which I responded You assume the cisco is designed to exist in a multi-subnetted private network. I find this hard to believe. It has too many features to be targeted at the people who would have large enough networks to require separate WAPs, and not enough features to be targeted at businesses that have complex multi-subnetted, multi-firewalled networks.
I believe strongly that it is designed to exist as the sole router on a small network. As such why would it have the features you describe? Particularly as this would tread on the toes of Cisco's much more expensive equipment aimed at big businesses.
The FON is designed to exist within an existing network. As I say however I am not sure if it is safe, and would not trust it myself. But it is conceivable that it could protect the parent network.
It is a matter of designed purpose. Now I also did not say that the linksys could not be made to be safe! However I did say that I doubt doing so would be easy or straightforward. To which you have yet to make a counter point.
Make a counter point that I can dispute, and I shall dispute it. Tell me I'm wrong without justifying why and I shall just have to shrug my shoulders.
|
|
|
|
Your posts in this thread have been less than helpful.
|
|
|
For someone who has the text "attack the post not the poster" in their sig you are doing a very good job of making straw man arguments.
So lets see who is not "putting up" shall we.
the last reposte you made against me wasNo, I mean the FON router which manages this trick which, according to you, the Linksys router cannot - even though it is designed to do this and is manufactured by Cisco, the networking experts. To which I respondedYou assume the cisco is designed to exist in a multi-subnetted private network. I find this hard to believe. It has too many features to be targeted at the people who would have large enough networks to require separate WAPs, and not enough features to be targeted at businesses that have complex multi-subnetted, multi-firewalled networks.
I believe strongly that it is designed to exist as the sole router on a small network. As such why would it have the features you describe? Particularly as this would tread on the toes of Cisco's much more expensive equipment aimed at big businesses.
The FON is designed to exist within an existing network. As I say however I am not sure if it is safe, and would not trust it myself. But it is conceivable that it could protect the parent network.
It is a matter of designed purpose. Now I also did not say that the linksys could not be made to be safe! However I did say that I doubt doing so would be easy or straightforward. To which you have yet to make a counter point.
Make a counter point that I can dispute, and I shall dispute it. Tell me I'm wrong without justifying why and I shall just have to shrug my shoulders. I made no such claim that the router would exist in a multi-subnetted environment. Why would I? Why would it?
|
|
|
I made no such claim that the router would exist in a multi-subnetted environment. Why would I? Why would it? The suggestion in the OP was to place the Linksys in just such a network. You said this was safe, and defended this view based on the fact that it is a Cisco router. You then questioned my ability to assess the relative functionality of various networking devices by comparing the capability of a router (the linksys router) to a public wifi hotspot device (the FON router).
I explained that they function differently because they are designed to perform different functions.
You have only responded to this point when it has been taken entirely out of context because you accused me of being unable to "put up" and I refused to allow such a statement to remain uncontested.
|
|
|
I made no such claim that the router would exist in a multi-subnetted environment. Why would I? Why would it? The suggestion in the OP was to place the Linksys in just such a network. You said this was safe, and defended this view based on the fact that it is a Cisco router. You then questioned my ability to assess the relative functionality of various networking devices by comparing the capability of a router (the linksys router) to a public wifi hotspot device (the FON router).
I explained that they function differently because they are designed to perform different functions.
You have only responded to this point when it has been taken entirely out of context because you accused me of being unable to "put up" and I refused to allow such a statement to remain uncontested.
This is what I am querying:
I simply wanted to warn off the idea that the simple solution from the op would work flawlessly and be eminently secure as you were stating. Yes it would. Your advice in this thread has been incorrect from a technical standpoint, irrelevant and distracting when trying to defend your view of networking, and as a consequence of these dangerous for the op. In what way "dangerous"? Fortunately the OP appears to have picked up on the advice of the "naysayers" and is heading for a simple, cheap, and secure solution for his problem. Oh really, where does he say that?
|
|
|
This is what I am querying:I simply wanted to warn off the idea that the simple solution from the op would work flawlessly and be eminently secure as you were stating. Yes it would. No it would not. The shop network would exist on the WAN side of the linksys router, as such it would not, by design, offer any protection, of any sort, to the shop network. This is not a secure solution. Your advice in this thread has been incorrect from a technical standpoint, irrelevant and distracting when trying to defend your view of networking, and as a consequence of these dangerous for the op. In what way "dangerous"?
Had the op taken your advice he would have been left with an insecure network set up, and the belief that such a network was secure. A false sense of security is very dangerous. Fortunately the OP appears to have picked up on the advice of the "naysayers" and is heading for a simple, cheap, and secure solution for his problem. Oh really, where does he say that?
He doesn't say that directly, but he has made it clear that he has decided against the solution that he originally asked about, and that he was looking at an alternative, more secure solution. Although it is worth pointing out that he has not yet said that he has settled on a final solution, and has asked further questions, that have as yet gone unanswered. Probably due to the noise being generated elsewhere within the thread.
|
|
|
This is what I am querying:I simply wanted to warn off the idea that the simple solution from the op would work flawlessly and be eminently secure as you were stating. Yes it would. No it would not. The shop network would exist on the WAN side of the linksys router, as such it would not, by design, offer any protection, of any sort, to the shop network. This is not a secure solution.
Wireless isolation Your advice in this thread has been incorrect from a technical standpoint, irrelevant and distracting when trying to defend your view of networking, and as a consequence of these dangerous for the op. In what way "dangerous"?
Had the op taken your advice he would have been left with an insecure network set up, and the belief that such a network was secure. A false sense of security is very dangerous.
password protection Fortunately the OP appears to have picked up on the advice of the "naysayers" and is heading for a simple, cheap, and secure solution for his problem. Oh really, where does he say that?
He doesn't say that directly, but he has made it clear that he has decided against the solution that he originally asked about, and that he was looking at an alternative, more secure solution. Although it is worth pointing out that he has not yet said that he has settled on a final solution, and has asked further questions, that have as yet gone unanswered. Probably due to the noise being generated elsewhere within the thread.
It's still the best solution recommended.
Perhaps you could recommend a better one?
|
|
|
Wireless isolation As explained already elsewhere, multiple times, this will only protect the LAN segment of the linksys router. As the shop would exist on the WAN side of the router it would not be protected by wireless isolation on the linksys router. password protection Is great for secure services, but without a decent firewall there are a great many insecure services on most computers (including Linux computers) and so this suggestion is at best an irrelevant distraction from the issue. It's still the best solution recommended.
Perhaps you could recommend a better one? The alternative solution from the OP of buying a new router with the wireless isolation and an ADSL modem built in to replace his existing ISP supplied router is a better solution. Indeed it is the solution the OP has already suggested he is looking into.
For what it is worth I would suggest getting a draytek router. It is a little more than most routers, but it has many features that lend themselves to making a secure multi-segmented network. Including a sort of VLAN implementation that would allow wired LAN segmentation as well as wireless LAN segmentation.
But then the implication you keep making that I do not know what I am talking about probably precludes taking that advice.
|
|
|
Perhaps you could recommend a better one?
technically, FON is a better solution. (or btopenzone , or cloud )
|
|
|
Wireless isolation As explained already elsewhere, multiple times, this will only protect the LAN segment of the linksys router. As the shop would exist on the WAN side of the router it would not be protected by wireless isolation on the linksys router.
Who said anything about the shop network being on the WAN? password protection Is great for secure services, but without a decent firewall there are a great many insecure services on most computers (including Linux computers) and so this suggestion is at best an irrelevant distraction from the issue.
The password protection allows many guests and passwords which is ideal for a hotel system It's still the best solution recommended.
Perhaps you could recommend a better one? The alternative solution from the OP of buying a new router with the wireless isolation and an ADSL modem built in to replace his existing ISP supplied router is a better solution. Indeed it is the solution the OP has already suggested he is looking into.
For what it is worth I would suggest getting a draytek router. It is a little more than most routers, but it has many features that lend themselves to making a secure multi-segmented network. Including a sort of VLAN implementation that would allow wired LAN segmentation as well as wireless LAN segmentation.
that sounds real easy for a beginner to set up lol But then the implication you keep making that I do not know what I am talking about probably precludes taking that advice. You started flinging the insults around mate, not me.
|
|
|
You started flinging the insults around mate, not me. Ok, you're obviously not going to put up, and I'm not surprised
|
|
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
Are you seriously suggesting it is no longer possible to have a sensible discussion on this forum???
|
|
|
Who said anything about the shop network being on the WAN? As I said, and MrSaffron said, the setup described in the OP using the Linksys router would have placed the shop network on the WAN segment of the Linksys router. It is not on the WAN but is considered to be so by the Linksys router. Hence the abject lack of security for the shop network. The password protection allows many guests and passwords which is ideal for a hotel system But the issue here is the lack of security for the shop network using the set up you suggest is safe. The password protection for the wireless network is not the problem, it is the fact that once on that network the "guest" if so inclined could wreak havoc on the shop network. that sounds real easy for a beginner to set up lol Actually it's not that difficult. It may not be easy for a complete novice with no help, but could be done by a complete novice with the help of people on this forum without too much difficulty, and as the OP has demonstrated his willingness, and ability, to seek help on this forum, I am sure he would be able to get it set up as he needed it to be. You started flinging the insults around mate, not me. Apparently you do not understand the meaning of "implication". I am not saying that you have stated any insult. I am saying that your repeated questioning of what I am saying, and constant, unfounded, insistence that I am wrong implies that I do not know what I am talking about.
And how, pray tell, did I start flinging the insults about?
|
|
|
Who said anything about the shop network being on the WAN? As I said, and MrSaffron said, the setup described in the OP using the Linksys router would have placed the shop network on the WAN segment of the Linksys router. It is not on the WAN but is considered to be so by the Linksys router. Hence the abject lack of security for the shop network.
So tell it to the OP. Why tell me? The password protection allows many guests and passwords which is ideal for a hotel system But the issue here is the lack of security for the shop network using the set up you suggest is safe. The password protection for the wireless network is not the problem, it is the fact that once on that network the "guest" if so inclined could wreak havoc on the shop network.
That's a consequence of you not explaining the risk to the OP, instead telling me, as if I care that sounds real easy for a beginner to set up lol Actually it's not that difficult. It may not be easy for a complete novice with no help, but could be done by a complete novice with the help of people on this forum without too much difficulty, and as the OP has demonstrated his willingness, and ability, to seek help on this forum, I am sure he would be able to get it set up as he needed it to be.
The same is true of using the Linksys, or any other solution, obviously You started flinging the insults around mate, not me. Apparently you do not understand the meaning of "implication". I am not saying that you have stated any insult. I am saying that your repeated questioning of what I am saying, and constant, unfounded, insistence that I am wrong implies that I do not know what I am talking about.
Do you know anything at all about the linksys router in question? And how, pray tell, did I start flinging the insults about? I don't recommend you relying on other people's posts 
|
|
|
So tell it to the OP. Why tell me? Because you're the one who keeps insisting it's safe. That's a consequence of you not explaining the risk to the OP, instead telling me, as if I care If you don't care why do you keep defending your position? You stated that the described solution is safe and secure, and myself, and several others, have pointed out that this is not so. Why keep telling us we're wrong unless you care? The same is true of using the Linksys, or any other solution, obviously Yes, but not in the way originally described by the OP, hence the repeated statements that it would not be safe, which you insist upon trying to debunk Do you know anything at all about the linksys router in question? More than I would like, having had to research it in an attempt to show you how wrong you were, and still are. I don't recommend you relying on other people's posts I'm not. I'm asking a direct question. I could even at this stage tell you to "put up or shut up" but that would be crass.
|
|
|
So tell it to the OP. Why tell me? Because you're the one who keeps insisting it's safe
Which it is That's a consequence of you not explaining the risk to the OP, instead telling me, as if I care If you don't care why do you keep defending your position? You stated that the described solution is safe and secure, and myself, and several others, have pointed out that this is not so. Why keep telling us we're wrong unless you care?
So tell the OP The same is true of using the Linksys, or any other solution, obviously Yes, but not in the way originally described by the OP, hence the repeated statements that it would not be safe, which you insist upon trying to debunk
So tell the OP Do you know anything at all about the linksys router in question? More than I would like, having had to research it in an attempt to show you how wrong you were, and still are.
If you believe that, take it up with Cisco. Explain to them the problems you have manufactured and see if they can figure out a way round them. I don't represent Cisco I don't recommend you relying on other people's posts I'm not. I'm asking a direct question. I could even at this stage tell you to "put up or shut up" but that would be crass.
On the contrary, it would just continue the situation in this entire thread where you all make outrageous claims without backing them up and I have to drag the reasons out of you all.
|
|
|
Well this subject has been knocked about somewhat, and it has probably been mentioned, but what you're looking for is a seperate network for your guests.
We seem to be talking either VLANs or multiple wifi access points /multiple wifi LANs (with security thrown in).
I suggest you take a peek at:
http://www.smallnetbuilder.com/wireless/wireless-rev...
http://www.broadbandbuyer.co.uk/Shop/ShopDetail.asp?...
http://www.wi-fiplanet.com/reviews/AP/article.php/39...
I'm sure if it isn't suitable, someone here will tell me.
~~~~~~~~~~
© Camieabz 2002-2011 - All rights and lefts reserved.
report this link |
|
|
Which it is No it isn't. The linksys router is not designed to protect network equipment outside it's LAN segment, and so the solution as proposed would not be safe for the shop network. So tell the OP But the OP is not the one belligerently insisting upon something that is clearly incorrect. You are. I am rather hoping you will learn something about how networking equipment actually works, instead of how you seem to believe it ought to work. If you believe that, take it up with Cisco. Explain to them the problems you have manufactured and see if they can figure out a way round them. I don't represent Cisco I imagine Cisco's response would be something along the lines of "this method of operation is not supported" or possibly "this product is not designed to protect the WAN segment" or some other such phrase which would confirm that the linksys router is not designed to work in the manor you seem to want to believe it is designed to work. On the contrary, it would just continue the situation in this entire thread where you all make outrageous claims without backing them up and I have to drag the reasons out of you all. Several people have made it perfectly clear to everyone apart from, apparently, you that the linksys router would not be suitable in the set up described in the OP.
I have seen no evidence of you having to "drag" anything out of anyone.
I have seen you, however, sidestep several points, misrepresent issues raised, bring irrelevant distractions into the conversation, and generally refuse to acknowledge any possible fallibility on your part. Oh yes, and not to forget completely refusing to respond to some of the points raised against you.
|
Pages in this thread: 
Print Thread
