Menu
What's new
By:
Filters Better Search

Novice needing network design advice

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

denniston

denniston

Occasional Visitor
We are wanting to add guest wireless to our network at our church, but I'm not sure how to keep the guests off the secured network.

Our building is roughly 300' long. Our internet comes in on the East end of the building, and our main meeting space is on the West end.

My goal is to provide both guest & staff wireless coverage to the entire building. Becuase I really don't have a budget for this project, I'd like to stick with consumer grade devices (i.e. no managed switches, but I've seen them used fairly reasonable). I'm not afraid to flash to DD-WRT to get more functionality.

I guess my main question is, can I set up an access points with both guest and staff access. If so, can someone please point me in the right direction.

I was looking at these: http://amzn.com/B004UBU8IE
But I haven't really kept up with the devices, and don't know what is good.

Thanks in advance for your help.

Oh yeah, I created a couple of network diagrams to explain what we have and what we'd like.
Here's what we have:
new_hope_network.png


Here's what I think we would like:
new_hope_network_2.png
 
Your diagrams aren't showing up. Do you currently have wifi for the staff and just want to add wifi for guest, or do you currently have no wifi? Will your access points have a wired connection to your network?
 
Multiple wireless SSIDs and VLANs kind of go hand and hand especially with multiple APs all running on the same cable. If you could restrict your staff to wired only or segmented off then you can use any old wireless devices and you could segment your network with an extra router. Otherwise you need to build separate networks with separate cable.
 
With a few Asus (RT-AC56U or higher running RMerlin firmware or the john9527 or hggomes forks) routers used in Router mode and using only the Guest networks with AP isolation On and the main WiFi ssid's not used at all (create complex passwords that nobody knows or uses), this is a simple thing to do.

But when you switch to AP mode, you will lose the Guest network functionality (that is why it must be in Router mode).

Simply connect a LAN cable to the WAN port of the router and setup the guest ssid's as you see fit for both the 2.4GHz and the 5GHz bands.
 
You can also use any of the Ubiquiti Unifi AP's. They have a built in isolation mode for guest that works without having to have VLANs.
 
abailey said:
You can also use any of the Ubiquiti Unifi AP's. They have a built in isolation mode for guest that works without having to have VLANs.
Click to expand...

I wonder how these work technically? How do they keep the guess traffic isolated all the way out the router from multiple APs?
Are the guess clients located in the same network?
 
coxhaus said:
I wonder how these work technically? How do they keep the guess traffic isolated all the way out the router from multiple APs?
Are the guess clients located in the same network?
Click to expand...
Yes same network but they use filters. You can block IP ranges, like all private IP ranges so it can only see the internet. Though even if you block all private IP addresses it can still pull DHCP and it can still see the default gateway. But if you try to pull up the admin page for the default gateway it can not do that. So I assume it also does port filtering. See below:
Unifi.jpg
 
Last edited:
This makes sense as the wireless device is doing the filtering and only allowing access to certain IPs. How does a user get assigned to a guest network. Is it by logon or MAC? I assume it is automatic once setup.
 
abailey said:
Your diagrams aren't showing up. Do you currently have wifi for the staff and just want to add wifi for guest, or do you currently have no wifi? Will your access points have a wired connection to your network?
Click to expand...

I'm not sure why the diagrams are not showing up. They show for me.
Yes, we currently have wifi access.
The access points will be wired. My understanding is that wireless repeaters cut the bandwidth in half. Is that true?
 
denniston said:
My understanding is that wireless repeaters cut the bandwidth in half. Is that true?
Click to expand...

Yes. And when that repeater is in use, it will deteriorate not only the WiFi for that network for all devices, but for all other routers too that are either on the same channel or using an overlapping channel (or two, in the 2.4GHz band).
 
coxhaus said:
Multiple wireless SSIDs and VLANs kind of go hand and hand especially with multiple APs all running on the same cable. If you could restrict your staff to wired only or segmented off then you can use any old wireless devices and you could segment your network with an extra router. Otherwise you need to build separate networks with separate cable.
Click to expand...

Unfortunately several of our computers will need to both be wireless and have access to resources on the secure portion of the network.

My desire is to not have to have a separate device for each ssid (not to mention, i'm no sure how easily we can pull a per cable to he west end of the building). Are you suggesting hat I should get a managed switch? If so, would something like a Dell PowerConnect 2724 be a serviceable choice?
 
coxhaus said:
This makes sense as the wireless device is doing the filtering and only allowing access to certain IPs. How does a user get assigned to a guest network. Is it by logon or MAC? I assume it is automatic once setup.
Click to expand...

It is by SSID. When you set up an SSID you have to tell the software whether it is a guest SSID or not. Not sure what would happen if you tried to make the Guest SSID the same as the internal network SSID.
 
denniston said:
Unfortunately several of our computers will need to both be wireless and have access to resources on the secure portion of the network.

My desire is to not have to have a separate device for each ssid (not to mention, i'm no sure how easily we can pull a per cable to he west end of the building). Are you suggesting hat I should get a managed switch? If so, would something like a Dell PowerConnect 2724 be a serviceable choice?
Click to expand...

A managed switch will work as long as you get AP's that support multiple VLAN's (and a router that supports multiple VLANs). You could also get the Ubiquiti Unifi AP's I mentioned. They don't have to have a managed switch and VLANs to segregate guest from internal staff, but they can work with multiple VLANs if you wish. The standard 2.4ghz Unify AP's are about $65 each.
 
abailey said:
It is by SSID. When you set up an SSID you have to tell the software whether it is a guest SSID or not. Not sure what would happen if you tried to make the Guest SSID the same as the internal network SSID.
Click to expand...

This makes total sense to me now. Thanks
 
denniston said:
Unfortunately several of our computers will need to both be wireless and have access to resources on the secure portion of the network.

My desire is to not have to have a separate device for each ssid (not to mention, i'm no sure how easily we can pull a per cable to he west end of the building). Are you suggesting hat I should get a managed switch? If so, would something like a Dell PowerConnect 2724 be a serviceable choice?
Click to expand...

If you are going to have wireless for both staff and guess and share resources you are going to want to use a separate VLAN for each. To share resources across VLANs it is best done at layer 3 with ACLs.
 
Last edited:
Thanks for your reply & bearing with my lack of knowledge:

coxhaus said:
If you are going to have wireless for both staff and guess and share resources
Click to expand...
by resources do you mean physical devices? As far as resources the guests will only be accessing the internet.

coxhaus said:
you are going to want to use a separate VLAN for each. To share resources across VLANs it is best done at layer 3 with ACLs.
Click to expand...
to clarify, that means installing a managed switch, correct?

If so, would the Dell PowerConnect 2724, be an ok choice? It seems to be quite reasonable used.

Thanks again,

Jason
 
If your guess are only going to access the internet then I would use what abailey recommended and use the standard 2.4ghz Unify AP' since they are only $65. It sounds cheap to me. You don't need a managed switch just CAT5e cable out as far as you need to cover both ends of the church.

PS
You probably will need more ports. It will be based on how many wireless units you install. An 8 port switch does not go very far. I don't know how many free ports you have. I confused your post with another one.

PSS
Maybe Dell switches are better now but I had an old one that would require a reboot every 6 months or so. The switch would slow down until you could not stand it and you rebooted it. I finally gave it away a couple of years ago. It was a 16 port switch.
 
Last edited:
So I think I fell into a deal today.
I picked up 2 HP J4813A ProCurve 2524 10/100 24 Port Managed Switches for $17 each.
What?
 
You must log in or register to reply here.

Similar threads

C
Home / small biz wireless network advice
Replies
12
Views
1K
coxhaus
C
M
WiFi AP with Mesh Setup?
Replies
5
Views
926
MJW75
M
C
Fixed Macbook Air roaming issue
Replies
4
Views
357
sfx2000
sfx2000
M
Any workaround to expand Guest Network 'features' on Mesh for IoT Devices | AX86U
Replies
2
Views
276
ChatmanR
ChatmanR
OakleyFreak
Mesh advice
Replies
15
Views
544
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
M Blocking some devices to connect to the network or accessing the internet General Wireless Discussion 1
R Home network advice General Wireless Discussion 6
M Need Help with Home Network Setup Involving Ubiquiti Antennas and Tenda Router General Wireless Discussion 2
N Is this a smart and reasonable layout for a home network? General Wireless Discussion 10
C Home / small biz wireless network advice General Wireless Discussion 12
C My 2.4 network drops constantly General Wireless Discussion 5
O Solved Need help in network design to connect my pellet stove to local network General Wireless Discussion 7
Pauluk Troubleshooting home network wifi problems General Wireless Discussion 18

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 976 (members: 15, guests: 961)
Top