 |
|
Last week I was tasked to set up a guest network for the company I work for. We had some visitors come in who wanted access to the internet on their laptops. I did not want to give these folks our wireless password so they ended up being connected through an Ethernet cable. This was not an ideal move either as they had unlimited access to our whole network since we do not have a domain controller.
The first idea I had was to search the internet for help. I had read an article on this a year or so ago and wanted to find it again. I did not find it after a couple hours of searching. What I did find was a lot of articles on subnetting and domain controllers. These were not helpful in my endevour.
What I did come across was a random comment someone had which ended up doing the trick for me, so I will share it with you.
The trick here is to have 2 routers setup on your network. Yes, 2 routers, not switches/hubs. What we are going to do is set up a network with a portion of it private so that other computers on the first network cannot see anything on the private network. Unfortunately, in this setup anything on the private network can still see things on the more public network. This can be fixed with a third router, but for this article, we are covering the 2 router setup.
The first step is to hook the Ethernet cable from your modem into the WAN port on your “public” modem like normal. The trick here is to go into your router configuration utility and change the LAN address of the router to something different. Most routers come standard with 192.168.1.1 as their address, I suggest changing it to 192.168.2.1. The third number is the important one to change here.
Now comes the magic part. Connect the “private” router’s WAN port to a LAN port on the “public” router. Go into the “private” router’s configuration utility and set its internet IP address to something on the subnet on the “public” router, something like 192.168.2.3. You may keep the LAN IP address of this router default (192.168.1.1). With this setup, any computer connected to the “public” router will have IP addresses in the format of 192.168.2.X, and computers connected to the “private” router will have IP addresses like 192.168.1.X.
The other thing to keep in mind is wireless security for your “private” network. Make sure to set a password for this wireless network, I suggest WPA-2 over WEP or WPA-1 if your router and network cards can handle it (any of them in the last 5 years should have it). For an extra layer you can disable SSID (this is what broadcasts your wireless network’s name to the world) so that users have to enter it in manually.
I do not recommend using this strategy for network security if you have a medium to large sized business. This strategy is fine for home and small office use.
blog comments powered by Disqus
