Secure wireless network



Hi everyone, recently I have gotten my company 3 pcs of Linksys E2500 wireless router. What I am currently trying to do is create two separate networks, one internal and one external for internet only. The internal wireless will need to authenticate through AD in order to get access to internal resources. I have connected the wireless router to the firewall with a different IP range through one of the available ports. I then configured the firewall to allow DHCP, connected the cable to the Linksys WAN port, and configured some of the firewall policies for the authentication and routing. Everything seems to be working, but on further testing with the Guest mode (offered by the Linksys E2500) I noticed that the Guest mode is able to access internal resources with the authentication, and worse, as long as there is one person authenticated the Guest mode will be able to access the internal network. I then realized the setup is wrong because the wireless is in NAT mode and both the guest and normal wireless profiles route to the same IP address. If I were to make use of the LAN port only, or use RIP instead of NAT, then Guest mode will not be available and I will be stuck with one SSID.

I would be able to achieve what I want if the router were capable of doing VLAN ID, which most APs have as a feature. In the E2500 I am not able to find this feature. Any suggestions, guys? How do I secure the wireless network with a similar setup? Or is there any other better way? Thank you.

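The failure described in the opening post, modelled as an added example that is not part of the thread: it assumes the firewall records AD logins per source IP address, and all addresses and names in it are constructed for illustration.

```python
import ipaddress

class IdentityFirewall:
    """Toy firewall: internal destinations need a prior login, tracked per source IP."""
    def __init__(self, internal_net, guest_net=None):
        self.internal = ipaddress.ip_network(internal_net)
        self.guest = ipaddress.ip_network(guest_net) if guest_net else None
        self.authenticated = set()

    def login(self, src_ip):
        # An AD login succeeded for traffic arriving from src_ip.
        self.authenticated.add(src_ip)

    def allows(self, src_ip, dst_ip):
        if ipaddress.ip_address(dst_ip) not in self.internal:
            return True                      # internet-only traffic
        if self.guest and ipaddress.ip_address(src_ip) in self.guest:
            return False                     # guest subnet never reaches internal
        return src_ip in self.authenticated

def nat_source(wan_ip):
    """Router in NAT mode: both SSIDs leave through the single WAN address."""
    return lambda client_ip: wan_ip

def routed_source():
    """Per-SSID VLAN/subnet, no NAT: the firewall sees each client's own address."""
    return lambda client_ip: client_ip

def guest_reaches_internal(firewall, source_of, staff_ip, guest_ip, server_ip):
    """One staff member authenticates; report whether a guest then gets in."""
    firewall.login(source_of(staff_ip))
    return firewall.allows(source_of(guest_ip), server_ip)

# Constructed addresses (assumptions, not taken from the thread).
SERVER = "10.0.0.10"
STAFF, GUEST = "192.168.1.20", "192.168.33.20"

def demo():
    nat_fw = IdentityFirewall("10.0.0.0/24")
    leaked = guest_reaches_internal(nat_fw, nat_source("172.16.5.2"), STAFF, GUEST, SERVER)
    vlan_fw = IdentityFirewall("10.0.0.0/24", guest_net="192.168.33.0/24")
    isolated = guest_reaches_internal(vlan_fw, routed_source(), STAFF, GUEST, SERVER)
    return leaked, isolated

if __name__ == "__main__":
    print(demo())
```

Behind NAT the firewall cannot add a guest deny rule without also blocking staff, because both arrive from the same WAN address; separate subnets per SSID are what make the rule expressible.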

Why are you using POS SOHO equipment for this? Get a good access point or two that support VLANs and multiple SSIDs... it would have cost about the same as the setup that you are trying to create.

Maybe an Aironet 1200 or 1100 series would work for you. Get the AP model, not the LAP model; you will see that in the model number. LAP requires a wireless controller, which is why they are cheaper in most cases. A wireless controller starts at around $1100, so it isn't very cost effective if that is what you are trying to be.


Currently I can't spend much and hence I have chosen the consumer products. Is multiple SSID a feature that does not belong to a wireless router? So far I can only see it in access points. As for the wireless controller, we already have one which is part of the firewall feature, but the AP is off our budget :(


Currently I can't spend much and hence I have chosen the consumer products. Is multiple SSID a feature that does not belong to a wireless router? So far I can only see it in access points. As for the wireless controller, we already have one which is part of the firewall feature, but the AP is off our budget :(

The reason there's a cost difference between consumer routers and enterprise is for the features you are requesting. Which normal home user would need multiple SSIDs and VLANs and all that? Most people want their iPad and their Desktop and Laptop to all talk to each other, so no need to VLAN, and multiple SSIDs would just confuse them.

You don't have to go all crazy, tell boss however that if he wants X he's gotta spend $$ for it. No you can't buy a Ford and tweak it to run like a Ferrari!


Could look at custom firmware solutions to see if 1) those routers are supported and 2) if they have the features you need.

DD-WRT, OpenWrt, Tomato/TomatoUSB/Toastman builds are all good examples of custom firmware.


The reason there's a cost difference between consumer routers and enterprise is for the features you are requesting. Which normal home user would need multiple SSIDs and VLANs and all that? Most people want their iPad and their Desktop and Laptop to all talk to each other, so no need to VLAN, and multiple SSIDs would just confuse them.

You don't have to go all crazy, tell boss however that if he wants X he's gotta spend $$ for it. No you can't buy a Ford and tweak it to run like a Ferrari!

The old cheap Prolink AP has most of the features, but I think mainly it is my mistake to get the wrong product.

Could look at custom firmware solutions to see if 1) those routers are supported and 2) if they have the features you need.

DD-WRT, OpenWrt, Tomato/TomatoUSB/Toastman builds are all good examples of custom firmware.

Is Tomato etc. compatible with the Linksys E2500? Sorry, I am new to this custom firmware.


No, that E2500 is kind of a red-headed stepchild. It came out a while ago as well, Apr 2011 I believe, and never took off. I don't see it supported by dd-wrt (states WIP), and TomatoUSB does not have support for it either. Even OpenWrt doesn't show it as supported or even being worked on.

So you're pretty much out of luck with that for 3rd party.

I just do not understand why anyone would buy a wireless router these days that is not fully supported by the 3rd party community. There are plenty to buy that are. It's like going to buy a car, and buying a car that you could only buy gas for from the dealer. Why would you limit yourself like that?


What part of WIP do you feel means it's supported?

WIP = Work In Progress (Located under version). Sometimes we need the hardware to do the port. So feel free to contact Sash via e-mail and provide us with the hardware so we can get this started!

Read this thread

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=671127&sid=e912119cf3eb9c52ae1667401255749a

Looks like some people are working on it, but the switch doesn't work. You might be able to contact fractal in that thread for a working copy and install instructions if you don't need the switch ports to work?


Being that it is a Broadcom chip and not Atheros, the chance is there that eventually Tomato variants will support it, since I've read that the Asus RT-N12 vB1 uses the same chip, so eventually maybe. But as an immediate solution, hope that you can find a DD-WRT build that works enough to suit your needs, and research which SOHO routers have custom firmware support if you ever plan on going this route again.
