2 Networks both Running DHCP connected to each other


  • 2 Networks both Running DHCP connected to each other

    Sounds Crazy.

    I have a client (local Church) that asked if I could install a campus wide Open WIFI for their members, and they didn't want the clients to be attached or able to back track into the church's network/server. They have a SBS 2008 server which houses financial data and other sensitive materials. So I made a separate network on their Watchguard firewall, hooked it to an Untangle web-filter and then to a POE switch which connects to all Access points throughout their campus. On the Untangle box we run a captive portal with a custom log in. All was running perfect and their clients are happy, but the staff started to bring in iPads, laptops, multimedia devices and started connecting to the free WIFI and trying to connect to their data and financial software on the server which is split from the church network. Well I was asked by several high up officials why can't we connect, and after all of this money has been spent we can't use it for church use.
    Both networks are running DHCP and are on different switches.

    My question to you guys: is there a way to make an extra SSID on the EnGenius EAP300 access points (11 of them) and have that SSID send traffic to the church network without having 2 DHCP servers interfering with each other, or having guests that can ip-scan and find the server, compromising the network security? I feel as soon as a network cable is connected to both switches both DHCP servers will start causing all shades of issues.

    We have a layer 1 (smart switch) Netgear POE switch on the free WIFI network and a layer 1 switch on the Church network.

    Is my best option to just tell them no way to make it work, without installing a separate wireless network? They are on a very tight budget.

    Please don't say use a VPN or use local static IPs and turn off DHCP; it would be a nightmare to administer, so many different devices and all kinds of different levels of user frustration to deal with.

    Thanks,
    Thomas S.

  • #2
    Re: 2 Networks both Running DHCP connected to each other

    you need VLANS.

    http://engeniusforum.com/viewtopic.php?f=22&t=146

    configure two SSIDs on the WAP.
    configure vlans on the sonicwall, or the netgear switch.
    put each SSID in a separate vlan (I'd recommend using the native vlan for the corporate network, it's just easier.)

    ensure you don't route between the two vlans.

    the sonicwall should be capable of doing this, just ensure the port the wap is connected to is a "trunk" port and carries both vlans.


    this way, you can manage the WAP on the native vlan from the corporate network, but traffic coming from GuestSSID gets tagged "vlan100" or whatever, passed up the trunk to the Sonicwall, then pushed out the public interface.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



    • #3
      Re: 2 Networks both Running DHCP connected to each other

      Originally posted by tehcamel View Post
      you need VLANS.

      http://engeniusforum.com/viewtopic.php?f=22&t=146

      configure two SSIDs on the WAP.
      configure vlans on the sonicwall, or the netgear switch.
      put each SSID in a separate vlan (I'd recommend using the native vlan for the corporate network, it's just easier.)

      ensure you don't route between the two vlans.

      the sonicwall should be capable of doing this, just ensure the port the wap is connected to is a "trunk" port and carries both vlans.


      this way, you can manage the WAP on the native vlan from the corporate network, but traffic coming from GuestSSID gets tagged "vlan100" or whatever, passed up the trunk to the Sonicwall, then pushed out the public interface.

      So I can do this

      SSID Free WIFI Vlan 100
      SSID Church Vlan 200
      Network Cable to switch
      Switch 1 Lets say its plugged into port 1 Vlan both 100 and 200 on the switch
      Then take lets say port 24 on the switch Vlan it to only pass 200 traffic to the AP from switch 2 which is the church network.



      • #4
        Re: 2 Networks both Running DHCP connected to each other

        more or less, yes.

        However - for simplicity, I'd leave Church VLAN on vlan1 (otherwise you have to go and change the native vlan on everything.)

        on the switch, you would have port 24 as Trunk, allowing VLAN1 and VLAN200, which would connect to the Sonicwall.
        You would also have port 23 as a trunk, allowing vlan1 and vlan200, which connects to the AP.

        the other ports on the switch would all be vlan1 (no tagging should be necessary as it's native.)
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif
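
The segmentation discussed in posts #2 and #4, modelled as an added example that is not part of the original thread: a small 802.1Q flooding model showing which switch ports hear a broadcast such as a DHCP DISCOVER. Assumptions: VLAN 1 is the church (native) VLAN and VLAN 100 the guest VLAN, ports 23 and 24 follow post #4, and the server port name `p5-sbs` is hypothetical.

```python
"""Added illustration: 802.1Q broadcast flooding on one switch (constructed topology)."""
from dataclasses import dataclass

CHURCH, GUEST = 1, 100   # assumed IDs: native VLAN 1 = church, VLAN 100 = guest SSID


@dataclass(frozen=True)
class Port:
    native: int                       # VLAN given to untagged frames
    tagged: frozenset = frozenset()   # extra VLANs carried with an 802.1Q tag

    def classify(self, tag):
        """VLAN an ingress frame belongs to, or None if the port drops it."""
        if tag is None:
            return self.native
        return tag if tag in self.tagged else None

    def egress(self, vlan):
        """'untagged', 'tagged', or None when the VLAN is not on this port."""
        if vlan == self.native:
            return "untagged"
        return "tagged" if vlan in self.tagged else None


def flood(ports, in_port, tag):
    """Ports that receive a broadcast entering in_port with the given tag (None = untagged)."""
    vlan = ports[in_port].classify(tag)
    if vlan is None:
        return {}
    out = {}
    for name, port in ports.items():
        mode = port.egress(vlan)
        if name != in_port and mode:
            out[name] = mode
    return out


# Trunks to the AP and the firewall as in post #4; every other port is an access port.
SEGMENTED = {
    "p23-ap": Port(CHURCH, frozenset({GUEST})),
    "p24-fw": Port(CHURCH, frozenset({GUEST})),
    "p5-sbs": Port(CHURCH),            # hypothetical port for the SBS 2008 server
}
# The setup the original poster fears: both networks patched together, no VLANs.
FLAT = {name: Port(CHURCH) for name in SEGMENTED}

if __name__ == "__main__":
    print("guest DISCOVER, segmented:", flood(SEGMENTED, "p23-ap", GUEST))
    print("church DISCOVER, segmented:", flood(SEGMENTED, "p23-ap", None))
    print("guest DISCOVER, flat:", flood(FLAT, "p23-ap", None))
```

In the segmented layout the guest broadcast leaves only on the firewall trunk, still tagged, so keeping guests away from the server then depends on the firewall not routing between the two VLANs.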
