
Wife's office network

Discussion in 'Networking Issues' started by xeony2k, Oct 30, 2007.

  1. xeony2k

    xeony2k LI Guru Member

    My wife works in a doctor's office. Their internet layout is a cable modem with a wireless router. Their LAN traffic also goes through the router. The network consists of two wired clients and three wireless clients. Me being somewhat IT savvy, I find myself helping them out from time to time. Anyway, one of them has a laptop that doesn't seem to work with their present AP, so I've suggested we get a WRT54GL to replace their very old d-614+. The best I can come up with is the two are simply incompatible.

    My concerns for their network are twofold: that everyone can get on the network who should and people who shouldn't... can't get on. Digital patient records on the network make this a huge must.

    So I'm thinking the WRT54GL solves the incompatibility issue. I brought the offending laptop home and it works fine with my network running a WRT54GL w/ HyperWRT Thibor. Can someone suggest setting up a security profile for this network? I'd like to run WPA on it with MAC filtering. My only issue with MAC filtering is that every time they want to grant someone access onto their network, I have to do it. I've pulled the security article here, but I have to say this isn't a subject I know much about.

    Anyway, is there a flash available that one could set up a sub-net of sorts so that various users could be granted some kind of throttled internet access, with no LAN connectivity? I say this because they have mentioned that drug reps (and some others) do occasionally request if they can access the internet.

    Sorry if this is all over the place... let me know if I can clarify any points and TIA.
     
  2. thepianobar

    thepianobar LI Guru Member

    I would skip the MAC filtering (because it's an administration pain like you pointed out) and just run WPA (or better yet WPA2).

    Setting up guest access would require you to run two separate SSID's at the same time and have them go to different vlans. So SSID:Office is on the same vlan as the LAN ports and SSID:Guest is on a different vlan.

    I'm not familiar with HyperWRT, the only 3rd-party firmware I've used is DD-WRT. I remember seeing these types of features in the latest v24 release, but I haven't played around with it at all yet. You might want to check out their forum or wiki and see if anyone has specifics on doing this.
     
  3. xeony2k

    xeony2k LI Guru Member

    Big thanks for the suggestions and info. I will definitely check out the DD-WRT a little more in depth. But that sounds like the way to go for sure.
     
  4. thepianobar

    thepianobar LI Guru Member

    I found this on the dd-wrt forum: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=22412

    The process seems pretty involved, I was sort of hoping it'd be a bit easier than that. If I have some time in the next few days I might play around with this and see if there is a way to do it through the gui and not have to run a script for it.
     
  5. xeony2k

    xeony2k LI Guru Member

    I read that very same thread and was thinking it was a bit more than I was hoping for too... one of the important things again is that it works without glitches.

    Glitches mean they call me and I either have to talk them through something or look at it myself. ;)
     
  6. RonWessels

    RonWessels Network Guru Member

    Do you want the simplest solution for guest Internet access? Get a second wireless router. Connect the Internet to Router#1 and use it for wired/wireless guest access. Connect the WAN port of Router#2 to a LAN port of Router#1 and use Router#2's LAN/wireless for internal access.

    Sure, it double-NAT's. But we were running a small (30 person) company that way for over a year without issues. Just make sure that Router#2's LAN settings are different than for Router#1, that the two SSID's are different (or confusion will result) and that they use different channels, say 1 and 11.
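
Added example, not part of the original thread: a short Python check of the cascaded two-router layout described in the post above (distinct LAN subnets, distinct SSIDs, non-overlapping channels, guests on the Internet-facing router). The `Router` and `check_plan` names, the subnets and the SSIDs are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    lan: str       # LAN subnet in CIDR notation
    ssid: str
    channel: int   # 2.4 GHz channel number
    serves: str    # "guest" or "internal"

def check_plan(outer: Router, inner: Router) -> list[str]:
    """outer has the Internet on its WAN port; inner's WAN port
    plugs into one of outer's LAN ports. Returns a list of problems."""
    problems = []
    # Identical or overlapping LAN ranges leave the inner router unable
    # to tell its own LAN from the network on its WAN side.
    if ipaddress.ip_network(outer.lan).overlaps(ipaddress.ip_network(inner.lan)):
        problems.append("LAN subnets overlap")
    if outer.ssid == inner.ssid:
        problems.append("SSIDs are identical")
    # 2.4 GHz channels are spaced 5 MHz apart but are about 20 MHz wide,
    # so two access points need channel numbers at least 5 apart.
    if abs(outer.channel - inner.channel) < 5:
        problems.append("channels overlap")
    # The inner router's NAT drops unsolicited connections arriving from
    # the outer LAN, so the guest network has to be the outer one.
    if (outer.serves, inner.serves) != ("guest", "internal"):
        problems.append("guests must be on the outer router")
    return problems

# Constructed sample plans (addresses and SSIDs are made up).
GOOD = (Router("Router#1", "192.168.1.0/24", "Guest", 1, "guest"),
        Router("Router#2", "192.168.2.0/24", "Office", 11, "internal"))
BAD = (Router("Router#1", "192.168.1.0/24", "Office", 6, "internal"),
       Router("Router#2", "192.168.1.0/24", "Office", 8, "guest"))

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(*plan) or "OK")
```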
     
  7. thepianobar

    thepianobar LI Guru Member

    That's a very good point, Ron. For ~$50-60 to get a second router you have a very simple solution. No messing around with 3rd-party firmware and weird scripts that might or might not work.

    I'll second his experience with double-NAT, it works just fine.
     
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    If action hasn't already been taken on this, you could look at a WRV200 which allows for either "ported" or "wireless" VLAN. I agree, double nat should not be a problem. However, as opposed to daisychaining (which again is not a big deal), you could use the WRV200 to replace the router that is already in place.

    Just an option :)

    Jay
     
  9. pablito

    pablito Network Guru Member

    Ditto for either of the WRV200 or second cheap router solutions. Much easier than fooling around with things that you don't fully understand. The range on the WRV200 isn't as good as the WRT but the available options will do what you need. A second AP (even the 614) will also do the job. Once you get good at it then you can turn off NAT on the inside router (with appropriate routing setup).
     
