This is a general guide at the moment. It's an easy enough project if you understand what you are doing, but if you did I guess you might not be reading this.
The project is to allow guest users internet access (in a bar, but it could be anywhere) without allowing them access to the private network of office computers, tills, etc. This can be done by sharing a single broadband ADSL (or cable) connection.
At the heart of this project is the router, what it does and the concept of network topology (Don't panic!). I'll keep this in plain language as far as possible.
A Routers primary job is to route traffic from one network to another. Note that routers have a WAN port and LAN ports - The WAN port is for connection to other networks (eg. the internet). Routers typically have a firewall built-in, along with NAT (Network address translation). In effect this means that all traffic originating from the LAN behind the router appears to come from the router. It also means that the LAN is protected from unsolicited inbound traffic by the routers onboard security. Still with me? If not read this last paragraph again before continuing.
In a typical SOHO situation we have a single ADSL (or cable) router which issues DHCP addresses to all the devices on the LAN and acts as a gateway to the internet. All devices on the LAN will be discoverable by each other. If we allow our guest users access to this LAN then they'll be able to see our private computers which poses a security risk. Not recommended.
The solution, is to use multiple routers (2 required at least) and setup them up as follows:
Router 1 - Primary connection to the internet. All public (guest) access is via this router. If it has wifi then make it public, or you can attach a wifi access point and make this public.
Router 2 - Our private network. Attach the WAN port of this router to an available LAN port on Router 1, and attach our private network computers to the LAN ports on router 2. Router 2 should be setup to issue DHCP addresses in a different network address range from router 1 (see example addresses below). The WAN port should automatically pickup an address from router 1.
EXAMPLE ADDRESS RANGES FOR PUBLIC / PRIVATE ROUTERS
Router 1 - Set DHCP to issue addresses 192.168.0.1 - 192.168.0.255
Router 2 - Set DHCP to issue addresses 192.168.10.1 - 192.168.10.255
You will have to consult your equipment manuals for details on how to achieve the above specifically. If you want private wifi access you'll need to attach another wifi access point to router 2 (or purchase one with on-board wi-ifi).
Hope this helps...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment