1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Real world subnetting question

Discussion in 'General Cisco Certifications' started by datarunner, Aug 5, 2008.

  1. datarunner

    datarunner Byte Poster

    245
    1
    24
    hi all

    a customer has a wireless connection (provided by broadband) which is used for point of sale equipment (POS)

    Can he subnet his IP to include a network for public (premises users) internet access which will keep both networks separate and secure?

    info appreciated
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Depends, does the wireless device support multiple SSIDS?

    Also you could install a firewall device with two interfaces and patch a WAP into each interface and this should secure both wireless networks if access rules are configured correctly.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    what do you install for this situation sparks?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. datarunner

    datarunner Byte Poster

    245
    1
    24
    hi buddy

    looks as if its a pub or something with probably a basic router - will get router make / model n let u know

    once again thanks for your superb input

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Some Cisco WAPs support multiple SSIDs. Basically you can assign each wireless network to a VLAN and configure security policies for each network.

    Probably too pricey for this kinda network though. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    No probs mate. If the router isnt suitable you could go for a device that supports ADSL with a four port switch and also a DMZ port.

    You could then patch in a WAP to the DMZ port and this would be the public network. Hopefully by default the DMZ cannot access the LAN with the POS equipment on it, if not you can configure a access rule to do this. Patch in another WAP into the LAN port (one of them) and you can use the POS equipment as before.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. datarunner

    datarunner Byte Poster

    245
    1
    24
    So can it be done on a basic router?

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    thanks for the input sparks :thumbleft
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    You can get a firewall which has a DMZ port and patch in two WAPs which shouldnt cost too much.

    I take it you have a budget for this project? :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. datarunner

    datarunner Byte Poster

    245
    1
    24
    not sure about a budget as it was just someone who was asking

    so is the subnetting on a single router idea out of the question? if so wot equipment would u recommend?

    i see that linksys are now part of cisco and wondered if their routers could do this via their profile utility ie 1 profile for POS and 1 for customers

    sorry if my questions seem dumb

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  11. datarunner

    datarunner Byte Poster

    245
    1
    24
    Hi all

    OK ive came up with a basic solution

    have a look here

    let me know wot u think
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    You will be able to connect to both WAPs but they will still be on the same LAN which is a security risk. I believe the Linksys WRT300N has a ADSL interface and a 4 port switch so the second WAP is going to be plugged into that so basically you are connecting everything together with no security.

    Probably the cheapest way to get this setup is to buy a firewall with a LAN and DMZ interface. Basically this means you can patch a WAP into each interface and configure it as needed, one can be public (for general web browsing) and one can be private for the POS equipment.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  13. datarunner

    datarunner Byte Poster

    245
    1
    24
    OK so can u recommend a firewall?

    sorry to bother u

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  14. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    I noticed you work for an IT company, is there not a particular brand of firewall that you would use? If so if one has two interfaces, one for LAN and one for the DMZ, and also supports ADSL then you could use that with two WAPs.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  15. datarunner

    datarunner Byte Poster

    245
    1
    24
    hi buddy

    yeah i do tech support for a friends company and just got asked this question last nite. my real world networking skills arent that good so im basically learning from more experienced people.

    have a look at this:

    http://www.ebuyer.com/product/128074

    so plug 2 waps into it, one into the dmz

    regards
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  16. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319

    Yup,that should work mate.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  17. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    datarunner,

    What are the geometric dimensions of the store?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  18. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    I hope your going to get some sort of consultancy fee for this project ;)
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal

Share This Page

Loading...