What's new

How to setup wireless separate from the main LAN at home?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

F

Fezmid

Guest
Hey everyone,
I'd like to setup a wireless network that's separate from my main home LAN for when someone wants to simply surf the web with their laptop. I live in a townhome, so there's lots of houses in close proximity and while I am going to use WPA and all, I want to make sure that even if a neighbor does crack the encryption that they won't be on my internal network.

How would I best accomplish this?

I think I could buy a switch/router (like the Dlink 4100), label a port "DMZ" and plug a wireless AP into that port. Would that work like I'm expecting?

What if I bought a managed switch like the ProCurve 1800? I believe it can do VLANs -- however, since I'll be connecting that switch to a router (like the Dlink 4100), I don't think that would really work...

Any suggestions would be appreciated. I might just bite the bullet and buy the DLink 4300 and enable wireless... But I'm a bit leary.

Lastly - any issues with uplinking a ProCruve 1400 or 1800 with the Dlink 4100/4300?

Thanks all.
 
Using something like WPA2 with a really strong key is near impossible to crack by any reasonable means. Specifically, read this [Smallnetbuilder]. Personally, I use long, randomly generated strings of characters. The only downside to this is it's a pain to have to remember or input. As such, I simply save it to a text file on an encrypted USB key (TrueCrypt) so it's easy to input again. Pretty safe.

But that aside, one of the easiest ways is doing a double-NAT setup, using 2 or 3 routers. Here's a great article from SNB that will show you how.

Otherwise, you would need a router that can do a little more, such as VLAN'ing or creating different subnets for the wireless portions of the network. If you have a compatible router, you can give something like Tomato or DD-WRT a shot, which really opens up the capabilities of your router. Otherwise, you can also use something like pfsense, which is a really easy to use, but powerful linux/bsd based router. Or, just buy a slightly more business grade router than can do this sort of thing, like a Linksys RV0 type.
 
Using something like WPA2 with a really strong key is near impossible to crack by any reasonable means. Specifically, read this [Smallnetbuilder]. Personally, I use long, randomly generated strings of characters. The only downside to this is it's a pain to have to remember or input. As such, I simply save it to a text file on an encrypted USB key (TrueCrypt) so it's easy to input again. Pretty safe.

But that aside, one of the easiest ways is doing a double-NAT setup, using 2 or 3 routers. Here's a great article from SNB that will show you how.

Otherwise, you would need a router that can do a little more, such as VLAN'ing or creating different subnets for the wireless portions of the network. If you have a compatible router, you can give something like Tomato or DD-WRT a shot, which really opens up the capabilities of your router. Otherwise, you can also use something like pfsense, which is a really easy to use, but powerful linux/bsd based router. Or, just buy a slightly more business grade router than can do this sort of thing, like a Linksys RV0 type.

Lots of work to protect the network isn't it. There is another freeware program you might want to try called: omziff http://www.xtort.net/xtort-software/omziff/
 
Lots of work to protect the network isn't it.

Not really. Setting up WPA[2] is about as easy as it gets. The setup disc on most routers will do it for you if you're not brave enough to hop into the router's web interface.

And encrypting individual files/folders I would say isn't a terribly great way to ensure your protection on a WLAN. Important for protecting highly sensitive data yes, but otherwise there's still tnos of damage to be done with or without it. Encrypting your entire hard drive is no good if you have things like the default admin shares hanging in the breeze.
 
Not really. Setting up WPA[2] is about as easy as it gets. The setup disc on most routers will do it for you if you're not brave enough to hop into the router's web interface.

And encrypting individual files/folders I would say isn't a terribly great way to ensure your protection on a WLAN. Important for protecting highly sensitive data yes, but otherwise there's still tnos of damage to be done with or without it. Encrypting your entire hard drive is no good if you have things like the default admin shares hanging in the breeze.

Whoops! I should have rephrase that last one. No I wasn't talking about WP2 setup with software I was talking Encryption over all. The program you use I've used it in the past, I was just letting you know their are others to choose from with less complex method to do it. There is also another one but it has to be installed Omziff doesn't need to be installed and can run zip, SD or other media.
 
One way to keep people from accessing your shares is to use two routers. Router1 has wireless, and Router2 is cabled in R1LAN<>R2WAN. In order for someone on Router1 to access shares hosted behind Router2, they'd have to deal with NAT. It's not completely secure, but it'll stop people from stumbling onto them.

I share Internet with my neighbors, so I deal with the same problem by using a pfSense embedded system (which I really should document) as my router, and configure the firewall to not pass traffic between the internal and free Internet interfaces. Two cheap routers still win the cost advantage, even though it's a bit of a kludge.
 
One way to keep people from accessing your shares is to use two routers. Router1 has wireless, and Router2 is cabled in R1LAN<>R2WAN. In order for someone on Router1 to access shares hosted behind Router2, they'd have to deal with NAT. It's not completely secure, but it'll stop people from stumbling onto them.

I share Internet with my neighbors, so I deal with the same problem by using a pfSense embedded system (which I really should document) as my router, and configure the firewall to not pass traffic between the internal and free Internet interfaces. Two cheap routers still win the cost advantage, even though it's a bit of a kludge.

Oh you share your wireless with your neighbors, I don't do that! I have 4 routers running here. Each one is used for certain purpose. Main is the connected to WAN the other 3 are used as WAP (2x wireless access point) and WCB (Wireless client Bridging). The way you are describing I did that with a 5th wireless router connected that and used it as hardware firewall to test to see if that would work, it did. But right now everything is pretty much secured don't want to go over board.

I have all the shares protected, and just to get onto the Internet that is also block off too you need a user name and password to internet. Still I have some of the major security holes block using the IRIS program. NTL2 closed off. Those Guest account is blocked off also. Do you use the Security Policy on each system?
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top