Isolating guest network from the rest of the network.



Hi,

 

For our office we have a wired network connected to many drives and servers for our archives and management.

Using a Netgear WNR3500L, I am trying to make a guest wireless network that would only give access to the internet, isolating those clients from the rest of the network.

Using the guest network option I tried different setups, but for some reason I can still access drives and computers from the LAN network.

Even with network isolation clicked I can still access all of the network.

 


 

Is it even possible to do so with a WNR3500L?

 

Thank you for any help, it is driving me mad.


Yes, I connected to the new wireless network with a new computer, typed the address of the archives server (192.168.2.201) and it let me in.


The best way to do that is to use a different solution: creating a network just for guest access that cannot talk to the other network, or purchasing another service that you can use for guest-only access.

You can separate the networks on the firewall level if you have a firewall that supports multiple networks (one NIC per network), giving a higher, more secure, level to your data network and a lower, less secure, level to your guest network.

You will need a separate SSID for your guest, but physical separation would be the best way to accomplish this... this can also be done with VLANs but requires a bit more advanced knowledge.


So this new computer was only connected to the guest network. Can you draw up how this wireless router is connected to your network and where the rest of your network is?

Is this a ma and pop shop with like 3 users in it? Why would a company be using a router barely suited for home use in a business setup?

Where does the WAN of this Netgear connect? Where are the servers located and connected?

If the servers are on the WAN side then guest is not going to do anything for you. The Netgear would have to be your edge router and servers connected to LAN ports on this router or via downstream switches connected to this "HOME" router.


The Netgear seems to not be suited for the job indeed. I just plugged it into our main switch, which is fed by a much better WatchGuard router.

I guess I should work from the WatchGuard router and make a VLAN from one of the ports and then plug my Netgear router into said port.


It's fine if you were in a home where that was your only router. You say you plugged it into your main router - via what, its WAN interface? Then yeah, guest prevents access to devices on its LAN interfaces, but guest allows all access to stuff on the WAN.

What I would suggest is you get a real AP that supports VLANs, etc., i.e. one better suited for a business setup - you could get something as cheap as the $70 UniFi entry-level AP. Or you could go with the Pro model for $200, etc. It supports up to 4 SSIDs on each radio; the Pro has both 2.4 and 5 GHz radios, while the $70 model only has 2.4.

You then put a VLAN on the SSID you want as guest and, per your setup on your network, limit this VLAN to only the internet, etc.


The Guest mode creates a VLAN locally on the Netgear to separate your guest traffic but it's dumb to VLAN trunking etc. Isolation mode for Netgear products just attempts to stop all wireless clients from communicating with each other on that SSID. When the traffic leaves the Netgear it will be untagged, so your guest clients and LAN/WiFi clients will still be able to communicate with each other via your other network hardware. The guest feature would only work if the Netgear was the gateway device, DHCP server (which I would not advise as you seem to have proper hardware available) as well as the access point.

I'm afraid that with Netgear's firmware you're not going to be able to achieve what you want and the DD-WRT options for your model are either unstable for VLAN support or not available.
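
A way to verify the outcome the replies describe, as an added example that is not part of the original thread: run from a laptop joined to the guest SSID, it attempts TCP connections to internal addresses and flags any that answer. Only 192.168.2.201 comes from the thread; the other addresses, the ports and the function names are assumptions.

```python
import ipaddress
import socket

# Constructed sample targets. 192.168.2.201 is the archive server from the
# thread; the other addresses and all ports are assumptions for illustration.
TARGETS = [
    ("192.168.2.201", 445),   # archive server (port assumed: SMB)
    ("192.168.2.1", 443),     # hypothetical office gateway management page
    ("1.1.1.1", 443),         # public address, should stay reachable
]

def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(targets, probe=tcp_reachable, allowed=()):
    """Classify each target as seen from a guest client.

    allowed lists private addresses guests may legitimately reach,
    such as the guest network's own gateway.
    """
    results = []
    for host, port in targets:
        internal = ipaddress.ip_address(host).is_private and host not in allowed
        reachable = probe(host, port)
        if internal:
            verdict = "LEAK" if reachable else "blocked"
        else:
            verdict = "ok" if reachable else "unreachable"
        results.append((host, port, verdict))
    return results

def is_isolated(results):
    """Isolation holds only if no internal target answered."""
    return not any(verdict == "LEAK" for _, _, verdict in results)

if __name__ == "__main__":
    results = audit(TARGETS)
    for host, port, verdict in results:
        print(f"{host}:{port:<5} {verdict}")
    print("guest isolation:", "PASS" if is_isolated(results) else "FAIL")
```

Re-running it after moving the guest SSID onto its own VLAN or firewall interface shows whether the change actually closed the path to the LAN.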
