WiFi networking questions

[Pete Prodoehl]

Networking experts, I could use some help.

At our small office we've got a wireless router that's used by less than 20 people, and when we have guests/clients who need to use the wifi, we just log in for them, which gives them access to the Internet, but also to our printers, servers, etc.

I'd like to get things set up so we have two different "networks" let's call one "OFFICE" and one "GUEST" for now.

So how do I add this GUEST network that will allow guests/clients to use the wifi but not be able to access anything on our network?

I can get a second router if that's the easiest way... then do I make one of them 192.168.0.* and the other 192.168.1.* and set them up on different channels, or is there a lot more to it?

(And yeah, we just have a Netgear WNR3500 right now... nothing enterprise level. I could easily get another one just like it if that makes sense.)


thanks!

Pete

[Michael Warnock]

Personally, I'd install DD-WRT on your router (it's supported:
http://www.dd-wrt.com/wiki/index.php/Netgear_WNR3500L). It allows you
to create virtual wireless subnets and individually bridge them with
your wired net (or not) as you wish.

~Michael

[Chris C]

I'll second DDWRT... you can also enable security on individual virtual networks which would allow you to secure(even via RADIUS if you wish) your private network against visitors so they would not have access to servers and such.

[David R.]

Naw, just give um access to everything. What are you trying to hide? 

;D

D_R

[Have Blue]

DD-WRT?  Bah!  Real geeks use OpenWRT!  (though I admit to using DD-WRT when I just need something quick-and-dirty).

At work, I have our Cisco access points configured with two SSIDs, each on a separate VLAN.  Back at the switch I break off the two VLANs to either our switched network (the secured SSID) or to a router completely separate from our network with its own external public IP (the wide-open SSID).

[Pete Prodoehl]

DD-WRT and OpenWRT are quite good from what I hear... but let's pretend I don't want to have to learn anything new (!) or break the existing VPN set-up, etc...

If that's the case, would dropping another wifi router in place, with a different SSID and subnet, be enough to do what I'd want?

My first thought is to get another router, experiment with DD-WRT or OpenWRT, and if it doesn't do what I want (or I can't figure it out) I can just revert to the stock firmware (I assume I can?) and go with Plan A. Or Plan B. Or whichever the first plan was.

Pete

[Ron Bean]

>My first thought is to get another router, experiment with DD-WRT or
>OpenWRT, and if it doesn't do what I want (or I can't figure it out) I

>can just revert to the stock firmware (I assume I can?)...

When I first installed OpenWRT, I bought a spare router, just in case.
As it happens, I never used the spare (in my case, a Linksys WRT54GL,
but you might want to get the same model you already have). But it was
cheap insurance, and I still might need it someday...

DD-WRT is supposedly based on OpenWRT, but there are a bunch of others
to choose from:
http://en.wikipedia.org/wiki/List_of_wireless_router_firmware_projects

[Have Blue]

As long as the router has a different SSID and subnet (and doesn't know to route through the router covering the protected network), then I'd say yes!

As for reverting to stock firmware, you probably won't feel the need once you've tasted the power that OpenWRT/DD-WRT provides.  (running nmap on the router itself, SSH tunneling to machines behind the router, etc. are things I commonly do on my OpenWRT equipped WRT54G)