Real world subnetting question

Discussion in 'General Cisco Certifications' started by datarunner, Aug 5, 2008.

  1. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 5, 2008 #1
    Remove Advertisement - Premium Membership
    hi all

    a customer has a wireless connection (provided by broadband) which is used for point of sale equipment (POS)

    Can he subnet his IP to include a network for public (premises users) internet access which will keep both networks separate and secure?

    info appreciated
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  2. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 5, 2008 #2
    Remove Advertisement - Premium Membership
    Depends, does the wireless device support multiple SSIDS?

    Also you could install a firewall device with two interfaces and patch a WAP into each interface and this should secure both wireless networks if access rules are configured correctly.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Aug 5, 2008 #3
    what do you install for this situation sparks?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 5, 2008 #4
    hi buddy

    looks as if its a pub or something with probably a basic router - will get router make / model n let u know

    once again thanks for your superb input

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  5. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 5, 2008 #5
    Some Cisco WAPs support multiple SSIDs. Basically you can assign each wireless network to a VLAN and configure security policies for each network.

    Probably too pricey for this kinda network though. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 5, 2008 #6
    No probs mate. If the router isnt suitable you could go for a device that supports ADSL with a four port switch and also a DMZ port.

    You could then patch in a WAP to the DMZ port and this would be the public network. Hopefully by default the DMZ cannot access the LAN with the POS equipment on it, if not you can configure a access rule to do this. Patch in another WAP into the LAN port (one of them) and you can use the POS equipment as before.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 5, 2008 #7
    So can it be done on a basic router?

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Aug 5, 2008 #8
    thanks for the input sparks :thumbleft
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 5, 2008 #9
    You can get a firewall which has a DMZ port and patch in two WAPs which shouldnt cost too much.

    I take it you have a budget for this project? :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  10. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 5, 2008 #10
    not sure about a budget as it was just someone who was asking

    so is the subnetting on a single router idea out of the question? if so wot equipment would u recommend?

    i see that linksys are now part of cisco and wondered if their routers could do this via their profile utility ie 1 profile for POS and 1 for customers

    sorry if my questions seem dumb

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  11. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 5, 2008 #11
    Hi all

    OK ive came up with a basic solution

    have a look here

    let me know wot u think
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  12. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 5, 2008 #12
    You will be able to connect to both WAPs but they will still be on the same LAN which is a security risk. I believe the Linksys WRT300N has a ADSL interface and a 4 port switch so the second WAP is going to be plugged into that so basically you are connecting everything together with no security.

    Probably the cheapest way to get this setup is to buy a firewall with a LAN and DMZ interface. Basically this means you can patch a WAP into each interface and configure it as needed, one can be public (for general web browsing) and one can be private for the POS equipment.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  13. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 5, 2008 #13
    OK so can u recommend a firewall?

    sorry to bother u

    cheers
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  14. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 6, 2008 #14
    I noticed you work for an IT company, is there not a particular brand of firewall that you would use? If so if one has two interfaces, one for LAN and one for the DMZ, and also supports ADSL then you could use that with two WAPs.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  15. datarunner

    datarunner Byte Poster

    245
    1
    24
    Aug 6, 2008 #15
    hi buddy

    yeah i do tech support for a friends company and just got asked this question last nite. my real world networking skills arent that good so im basically learning from more experienced people.

    have a look at this:

    http://www.ebuyer.com/product/128074

    so plug 2 waps into it, one into the dmz

    regards
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  16. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Aug 6, 2008 #16

    Yup,that should work mate.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  17. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    Aug 6, 2008 #17
    datarunner,

    What are the geometric dimensions of the store?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  18. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    Aug 7, 2008 #18
    I hope your going to get some sort of consultancy fee for this project ;)
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal

Share This Page

Loading...
Remove Advertisement - Premium Membership
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...