    Hello guys,

    This is my first post in this forum!
    I would like to ask your advice for a network configuration for a building. The facts are the following:

    I have a leased network line coming from "somewhere". Let's call it 'lineX'. The following devices want to connect to this lineX: the PC of a shop in the building, the public (visitors of the building), and 4 PCs that do a specific job. All of them need to be connected to the lineX wirelessly. The shop and 4 PC wireless connections should be secure. The public wireless connection might be or might not. Right now the setup is like this: the lineX is connected to a router/switch. This is connected by wire to 4 access points. The shop, the 4 PCs and the public are connected wirelessly to these APs. All of them are using the same network. So, now the owner of the building wants to make the network more secure and replace the equipment. The current equipment is extremely cheap.

    *** So, I was thinking the following: Create 3 different VLANs. One for the public, one for the shop and one for the 4 PCs. Based on the SSID, each device will be connected to the appropriate VLAN. Also assign different VLANs on different ports on the router (just in case someone wants to get connected using a wire). Is this solution with the VLANs and the multiple SSIDs a good one? Am I missing something?

    *** I also want to ask something else: Is it a good idea to leave the router to do the DHCP? Because the public will be able to access the lineX, there might be more than 20-30 devices requesting IP configuration from the router. Should I consider putting a PC as DHCP server? If it's better to have a separate PC for the DHCP, should I replace the router with a switch? From what I read, it is possible to serve multiple VLANs with one DHCP server by using the IP-Helper function of the switch and making it point to the DHCP server. Is this right? I have also been told that if you want to have domains inside your network (so you need a DNS server) it is better and most flexible to have a PC as a DHCP. Is this true? And why?

    *** The lineX most likely will also provide internet access. So, we want to block the access to some sites and services like P2P programs, torrents, porn websites, warez websites etc. What is the best way of doing this? Some people told me using a Proxy Server. But how does the proxy server fit in the whole equation? And what if I want to only filter the traffic of two of the three VLANs?

    *** And finally I want to ask you to also suggest equipment that supports what I want to achieve (APs with multiple SSID and VLAN support, switch/router with VLAN support etc).
    Thank you for your time and I am really sorry for this very long post.


    While this is not a particularly uncommon scenario, there are multiple ways of achieving what you want, each of which has its benefits and drawbacks depending on the exact business requirements. Given your post it sounds like you are relatively inexperienced at networking. I would therefore recommend that you seek assistance from a local consultant who would work with you to develop the system that's right for you.
