Newbie questions - access to network resources from wifi in my office

[nodrog]

OK, so I would like to put a wifi router in my office attached to the office network (ok with IT but they will not "support" - if you ask me they don't support to much so this is fine) to allow me to move around the office and access. This may be a simple one ...

All works fine and I can access the net ... but I don't "see" any of the network resources like the networked printer, eg or shared drives. And I can't remote to other machines even though I am on the local network.

Is there a way to overcome this - or what details can I provide to assist in the answer,

many thanks,

Gordon

 

[YeOldeStonecat]

If you put a wireless router on the network, you segmented yourself in another IP range. What you really wanted was just a wireless access point....so that you could stay on the same network.

There are ways to "reconfigure" a wireless router....but you have to be careful, or you can drop the whole network. You log in, setup your SSID and security, then you MAKE SURE that it's LAN IP address is NOT conflicting with anything on the main network you need to connect to....it can be in the same range, or not...just as long as you know what it is, and just as long as it will not conflict with the network you're about to connect to. Then you MUST disable DHCP on it (if you don't...the office IT guy will be very angry with you within a few minutes). Now..once done, uplink it to the office network using a LAN port...you will NOT use the WAN port. Now you're using it just as a wireless access point...it is not routing, no firewall in the way, no NAT.

 

[thiggins]

How To Convert a Wireless Router into an Access Point

 

[stevech]

I recommend: Don't do it. Job risk. Unemployment.

Competent corporate IT policy prohibits employee-additions to the company network without special management approval. Especially service and consulting companies like healthcare, legal services, financial, investing, companies with intellectual property to protect, public service, etc.

Especially WiFi. For example

1) you accidentally configure the WiFi access point (AP) such that someone nearby gets in and uses your company's network. Causes harm. You could be disciplined.
2) You choose an SSID for your AP that advertises the existence of WiFi access, even with WPA encryption. Someone notices that SSID and misrepresents how lax your company is about protecting the company's customer data and the company's data.

Just don't do it.

 

[htismaqe]

Listen to Steve. Putting an unauthorized AP on your work network is a good way to get disciplined by IT and HR.

 

[nodrog]

OK message received!! Loud and clear. I guess its not much of a defense that others are doing it (lots ... the wifi reception set up is poor) I have the feeling I'm getting this feedback from some pretty senior people who have had to clean up these messes.

Thanks though I did get to learn about access points and I appreciate your gentleness with a newb.

g

 

[stevech]

If other employees hookup their own WiFi APs to the company LAN, you should go talk to the CEO. He needs a new IT manager.

Most decent IT systems have scanners that detect things like WiFi APs (based on MAC) and they send out the IT guy to confiscate.

Some don't even permit renegade ethernet switches because they can block system monitoring.

Just advising you for your own good, and doing the right thing.

(It's surprising that thiggins didn't speak up on this, rather than as posted above).

 

[YeOldeStonecat]

It could just be a smaller business, where this is quite common...thus a post to help properly install it. OP did put "OK with IT" in his opening post. Best approach...sure, have IT put in a proper business grade AP....but in many smaller businesses, someone bringing their own wireless to add wireless to a low budget SMB network is quite common in the real world.

 

[azazel1024]

Agreed. Even if IT "doesn't have a problem with it", even if they are aware, too much chance something could splash back on you.

A defense of "well I talked to Mike in IT and he said, I can do whatever I want, but he isn't touching it" isn't likely to fly if for some crazy reason the installation results in either a network vulnerability that someone ends up exploiting or causes configuration issues that down people/equipment from the network.

It very well might be fine, but I appreciate my job. I just complain to IT until they do something to fix whatever issue I am having. Also to my boss. Make it known how the lack of X is causing me productivity issues.

Doesn't mean it'll get fixed, but occasionally it does and then I don't own anything if it goes south.

I actually remember getting yelled at once when I was running a hotspot on my phone when they were walking around scanning for unauthorized WAPs. They chilled when they realized it was a mobile hot spot and not something connected to the network, but they take network security very seriously. WPA2 enterprise, RADIUS + MAC filtering on the wired end of things and they shut off ports not designated as in use/live. Maybe/possibly some other stuff that they use.

They still scan the network for unauthorized devices connected to it, constantly. They also periodically walk around (and considering the probably 500,000sq-ft of office space between 6 buildings, it takes awhile) looking for rogue wireless signals too.

 

[stevech]

Your hiring/firing manager won't have any sympathy for you if you assert "Mike said it would be OK but don't ask for support".
At the least, you'd get common-sense-nada demerits that correlate to a smaller raise.