#1
Untangler
Join Date: Jun 2008
Location: Minneapolis, Minnesota
Posts: 34
I have a Linksys WAP54G plugged into my office LAN. The device has an IP of 192.168.1.47 and uses my Untangle box as the default gateway. Addresses are handed out to wireless clients via DHCP from my Windows Server 2008 DHCP/DNS server. Everything works fine: the WiFi clients get IP addresses and Internet access. However, the WiFi clients end up on the same subnet as the rest of the wired office = bad.
What are the steps I should take to segment the wireless clients from the 192.168.1.x network--put them on their own isolated subnet--so that they only get Internet from the Untangle box and are not allowed on any other subnets? I know that I have to make some configuration changes on (1) Untangle, (2) the WiFi access point, and (3) the Windows Server 2008 DHCP server. And I know that I need to create a new subnet for WiFi traffic. But I don't know how to achieve this. Can someone offer some tips? I've never worked with access points before. Thanks!

#4
Untangler
Join Date: Dec 2008
Posts: 94
I've never used DHCP on Untangle, but can you tell Untangle to only give out DHCP on one interface and plug the WAP into that interface?
__________________
http://www.simplyitconsulting.com

#5
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 7
Posts: 7,722
With another interface on Untangle you can create a whole new segment. However, it requires some packet filter hammering. If you have DHCP services provided it's a checkbox flip to kill DHCP on internal, and enable it on DMZ in the packet filter. Then you can have UT's DHCP hand out addresses for the second segment.
There is a laundry list of stuff to do...
1.) set DMZ static
2.) configure a sane NAT policy for DMZ
3.) smack the packet filter around so the DMZ clients can get to the UT DNS service
4.) flip the DHCP "switch" in the packet filter
At that point you should be online. But the block messages will be a basic text thing and not the pretty stuff you're used to.
__________________
Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com
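
The isolation policy that the four steps in post #5 work toward, modeled as an added example (not from the thread and not Untangle configuration): a first-match rule table for WiFi clients, checked against constructed flows. The 192.168.2.0/24 segment, the 192.168.2.1 gateway address and the rule format are assumptions; only 192.168.1.x comes from the thread.

```python
import ipaddress

OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")  # 192.168.1.x from the thread
WIFI_NET = ipaddress.ip_network("192.168.2.0/24")    # assumed new WiFi/DMZ segment
GATEWAY = ipaddress.ip_network("192.168.2.1/32")     # assumed static DMZ address
ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ordered first-match rules: (action, protocol or None, destination, port or None).
# The initial DHCP DISCOVER (source 0.0.0.0) is outside this model; it is
# covered by enabling DHCP on the interface itself.
RULES = [
    ("allow", "udp", GATEWAY, 67),   # DHCP renewals to the gateway
    ("allow", "udp", GATEWAY, 53),   # DNS service on the gateway
    ("allow", "tcp", GATEWAY, 53),
    # Block every private range so the office LAN, any other internal
    # subnet, and the gateway's remaining ports are unreachable.
    *[("block", None, net, None) for net in RFC1918],
    ("allow", None, ANY, None),      # everything else goes out through NAT
]


def decide(src, dst, proto, port):
    """Return 'allow' or 'block' for one flow originating on the WiFi segment."""
    if ipaddress.ip_address(src) not in WIFI_NET:
        raise ValueError(f"{src} is not on the WiFi segment")
    dst_ip = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in RULES:
        if r_proto not in (None, proto):
            continue
        if r_port not in (None, port):
            continue
        if dst_ip in r_net:
            return action
    return "block"  # default deny if no rule matches


def segments_overlap():
    """True if the WiFi subnet collides with the office LAN addressing."""
    return WIFI_NET.overlaps(OFFICE_LAN)


if __name__ == "__main__":
    client = "192.168.2.50"  # constructed sample client
    for dst, proto, port in [("192.168.2.1", "udp", 53), ("192.168.1.10", "tcp", 445),
                             ("192.168.2.1", "tcp", 443), ("93.184.216.34", "tcp", 443)]:
        print(f"{client} -> {dst} {proto}/{port}: {decide(client, dst, proto, port)}")
```

Rule order matters here: moving the gateway DNS and DHCP allows below the private-range blocks would cut WiFi clients off from name resolution.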