Hi all,
I've searched the forums but haven't found this answered in a complete manner, so I'm still unclear how to achieve my goal (file this under "knowing enough to be dangerous..."):
I want to increase coverage at my church by adding another couple of access points. This part is easy in concept, except for the one wrinkle that right now I've got the existing one wireless router (WNDR3700) set up with guest access and guest network isolation so that guests can only see the internet, but none of the private staff network. I was thinking of adding another two WNDR3700's to fix the coverage issues, mainly because the existing one has worked well, and I don't want to create a conglomeration of gear if I can avoid it to keep it simple for the volunteer "IT staff". Adding a couple more AP's seems easy enough, except...
I want the additional AP's to support the same private + guest behavior. All the private wireless clients should be able to see everything, using the same SSID, all the guest clients get isolated acces using the same guest SSID.
All additional equipment will be hardwired back to the switch closet.
If I set up the secondary WAP's as strictly AP's, they won't support guest access. If I set them up as routers, this means I'd have to use the WAN port to connect to the switch to preserve the guest isolation, and the guest vs. secure traffic will just be mingled in the switch again. Plus local LAN traffic going out TO the WAP's will hit the firewall if connected via the WAN port. I guess the big-boy way of doing this would be true AP's that would allow vlan tagging of the two different SSID's, and then the switch would route the vlans appropriately, one to just the internet modem, the other to the internet and the rest of the private vlan.
I've got a little Netgear Prosafe switch that will support vlans (plus it supports "802.1x port authentication with guest VLAN...", but I'm not sure what port authentication means...). But I don't see how I can take advantage of these features, again because if the WAP's can't support vlans, the switch can't do anything interesting.
Is there some way to get the WNDR3700's to do what I want? Or is there a different wireless product that will do this gracefully? I'm willing to replace WAP's if need be, but we don't have a budget for pro stuff.
Thanks for the wisdom!
I've searched the forums but haven't found this answered in a complete manner, so I'm still unclear how to achieve my goal (file this under "knowing enough to be dangerous..."):
I want to increase coverage at my church by adding another couple of access points. This part is easy in concept, except for the one wrinkle that right now I've got the existing one wireless router (WNDR3700) set up with guest access and guest network isolation so that guests can only see the internet, but none of the private staff network. I was thinking of adding another two WNDR3700's to fix the coverage issues, mainly because the existing one has worked well, and I don't want to create a conglomeration of gear if I can avoid it to keep it simple for the volunteer "IT staff". Adding a couple more AP's seems easy enough, except...
I want the additional AP's to support the same private + guest behavior. All the private wireless clients should be able to see everything, using the same SSID, all the guest clients get isolated acces using the same guest SSID.
All additional equipment will be hardwired back to the switch closet.
If I set up the secondary WAP's as strictly AP's, they won't support guest access. If I set them up as routers, this means I'd have to use the WAN port to connect to the switch to preserve the guest isolation, and the guest vs. secure traffic will just be mingled in the switch again. Plus local LAN traffic going out TO the WAP's will hit the firewall if connected via the WAN port. I guess the big-boy way of doing this would be true AP's that would allow vlan tagging of the two different SSID's, and then the switch would route the vlans appropriately, one to just the internet modem, the other to the internet and the rest of the private vlan.
I've got a little Netgear Prosafe switch that will support vlans (plus it supports "802.1x port authentication with guest VLAN...", but I'm not sure what port authentication means...). But I don't see how I can take advantage of these features, again because if the WAP's can't support vlans, the switch can't do anything interesting.
Is there some way to get the WNDR3700's to do what I want? Or is there a different wireless product that will do this gracefully? I'm willing to replace WAP's if need be, but we don't have a budget for pro stuff.
Thanks for the wisdom!
