Posted to uk.d-i-y
David.WE.Roberts
Separating Wired and Wireless Networks

On Thu, 01 Aug 2013 09:10:24 +0100, thescullster wrote:

> Hi all
>
> OK so this is maybe a bit OT for the group, but here goes.
>
> I've never been a fan of wireless, so cabled the house up with Cat 5 to
> a number of rooms. There are clearly now numerous devices that will
> only connect wirelessly and I am under pressure to add a WAP.
>
> I've inherited a Netgear DG834G wireless router, our existing network
> uses the wired version of this device. I have set up the wireless
> router as a WAP OK, but wondered if it is possible to configure it as a
> DHCP server with a different address range to the wired router.
>
> Not sure how much security this would add, but I'm inclined to do as
> much as possible to separate the wireless network from certain wired
> devices. The SSID of the WAP is hidden and MAC address filtering on
> that router is in place.
>
> Anyone set up a separate wired and wireless network?
>
> TIA
>
> Phil


Set one up a long while back, but not recently. So I am well out of date :-)

Back in the day you needed three things to create the setup you seem to
want - the classic De Militarised Zone or DMZ.

(1) Internet facing (firewall) router - any old NAT router will do. This
connects to the outside world and to the internal DMZ.

(2) House router with all your current cabled devices - this connects on
one side to the DMZ and on the other side to the house LAN.

(3) Wireless router - connects to the DMZ on one side and wireless devices
on the other.

The idea is that all your routers will not take incoming calls from the
WAN side, only call out from the LAN side.

So any wireless devices can call into the DMZ then out through the
firewall router to the Internet, but cannot call into the DMZ and then
into the house LAN router.

Same applies to calling from the house LAN to a wireless device.

Each router can run its own subnet and be a DHCP server for that subnet.
The nice thing about NAT is that it takes a single IP address on the WAN
side and maps all the different LAN IP addresses to and from that.

So in theory you can have a row of NAT routers all onto the same LAN each
with only one IP address, or you can cascade the NAT routers in a tree
structure.

Each router runs its own environment and shouldn't be dependent on any
other device apart from the one providing its WAN IP address.

Cheers

Dave R
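
The reachability rules of the three-router layout described in the post above, modelled as an added example that is not part of the original post. The subnets and host addresses are constructed, and the model assumes no router has port forwarding or a "DMZ host" setting enabled, so each one drops unsolicited connections arriving on its WAN side.

```python
import ipaddress
from dataclasses import dataclass

INTERNET = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class NatRouter:
    name: str
    wan: ipaddress.IPv4Network  # segment its WAN port sits on
    lan: ipaddress.IPv4Network  # subnet it serves by DHCP

def net(s):
    return ipaddress.ip_network(s)

# Constructed addressing plan (assumption): the DMZ is the firewall router's LAN.
DMZ = net("192.168.0.0/24")
PLAN = [
    NatRouter("firewall", INTERNET, DMZ),
    NatRouter("house", DMZ, net("192.168.10.0/24")),
    NatRouter("wireless", DMZ, net("192.168.20.0/24")),
]

def overlaps(plan):
    """Return pairs of routers whose LAN subnets collide."""
    return [(a.name, b.name) for i, a in enumerate(plan)
            for b in plan[i + 1:] if a.lan.overlaps(b.lan)]

def segment_of(ip, plan):
    """Segment an address lives on: a router's LAN, else the Internet."""
    addr = ipaddress.ip_address(ip)
    return next((r.lan for r in plan if addr in r.lan), INTERNET)

def outward_chain(ip, plan):
    """Segments reachable from ip by only crossing routers LAN -> WAN."""
    seg, chain = segment_of(ip, plan), []
    while True:
        chain.append(seg)
        router = next((r for r in plan if r.lan == seg), None)
        if router is None:
            return chain
        seg = router.wan

def can_initiate(src, dst, plan=PLAN):
    """True if src can open a connection to dst without any router
    having to accept an unsolicited connection on its WAN side."""
    return segment_of(dst, plan) in outward_chain(src, plan)
```

Run `overlaps()` on the real addressing plan before deploying: two routers left on the same LAN range show up as a collision, and a router whose WAN and LAN sides share a range typically cannot route between them.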