Re: A second subnet

In no particular order:

1. If you enable the SP2 firewall (don't do this if you are running third
party security software), you then configure an Exception for File and
Printer Sharing. You can change the scope of the exception to block/allow
only certain machines based upon IP address. This may not be practical if
everyone is on the same subnet and you use DHCP:

http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

2. You wouldn't have to disable DHCP on the second router as long as you
configure its LAN settings to be on a different subnet.

3. If the primary goal here is to isolate the existing network from the new
machines, a better way to do this would be to connect the existing machines
through the new router. Then new laptops could connect to the existing
router through an access point and they would have Internet access. You
would not need to worry about firewall settings on existing machines to
block access from the new laptops because by default the new router will not
allow this kind of connection. Note - although laptops could not access
existing machines, the laptops themselves could be accessed from existing
machines.

However, this will not work if the new laptops need to be joined to the
domain and/or access existing printers connected to the new router. Of
course, you could always leave the printers where they are.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"jeffuk123" <jeffuk123@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:95AC640B-FCEE-4607-8ABC-D7639C91E981@xxxxxxxxxxxxxxxx
Thanks Doug for your response, that seems a bit more straigtforward.

Just a couple of other questions I need to confirm.

1) I gather I will have to disable DHCP on the 2nd router and give the
laptops a static ip.
2) I've never used the XP SP2 firewall to prevent client machines from
accessing an existing network. How is this configured?
3) Finally, with regards the linksys access point and your previous
response:-

"It doesn't matter. Unless you put the laptops on the same subnet as
existing machines they will not have access to anything except themselves
because the Linksys device is not a router."

So basically, leaving the linksys default settings as they are will not
give
the laptops access to the internet because the default gateway would be on
another subnet. In order to connect the laptops to the internet I would
have
to put the linksys on the same subnet as the existing network?

If this is so, can I not just go ahead and do that, and configure the XP
SP2
firewall settings on the laptops to prevent access to the existing network
resources?

Many thanks Doug for all your help

Jason

"Doug Sherman [MVP]" wrote:

"So can this router be configured to refuse the new users laptops
access to the existing network resources, but still allow them access to
the
internet, with the linksys installed?"

Depends on the feature set of the router - probably not.

"Are you saying that if I install the 2nd access point (the linksys),
that
the laptops have to be given static ips, but cannot be prevented access
to
the network resources."

It doesn't matter. Unless you put the laptops on the same subnet as
existing machines they will not have access to anything except
themselves
because the Linksys device is not a router.

"Forgive me but I say a little vague, because you didn't mention how to
configure or set up a 2nd router to allow me to accomplish what I have
been
asked to do, that is, if I choose to install a 2nd router, which I
believe
is
what you mean."

You do not have a "2nd router" - you need to get one. Connect the
router's
WAN/Internet port to a LAN port on your present router (this is not the
DWL-2000AP ). Make sure the router's LAN settings are for a different
subnet. If you have a Windows domain, domain clients must point to the
DC
for DNS. You can use the XP SP2 firewall to prevent access to existing
machines from the machines connecting through the new router.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"jeffuk123" <jeffuk123@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7D2D666C-BDE8-4C9C-AA35-E840437DF8D9@xxxxxxxxxxxxxxxx
Many thanks for your reply, although a little vague.

Ok. I believe that the initial access point (the d-link), is connected
to
a
router. So can this router be configured to refuse the new users
laptops
access to the existing network resources, but still allow them access
to
the
internet, with the linksys installed?

Are you saying that if I install the 2nd access point (the linksys),
that
the laptops have to be given static ips, but cannot be prevented
access to
the network resources.

Forgive me but I say a little vague, because you didn't mention how to
configure or set up a 2nd router to allow me to accomplish what I have
been
asked to do, that is, if I choose to install a 2nd router, which I
believe
is
what you mean.

I have yet to find any forums that have been able to answer this
question,
as to whether I use a 2nd access point or a 2nd router, and how to
configure
the appropriate device to prevent new users from accessing the
existing
users
network.

I guess this question appears harder to answer than I assumed!

Many thanks
Jason

"Doug Sherman [MVP]" wrote:

You need some kind of router to accomplish this. Both the DLink and
Linksys
devices are access points; they are not DHCP servers; and by
themselves,
they cannot do what you want.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"jeffuk123" <jeffuk123@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5E78F635-525F-4303-893E-BC489AEA94E7@xxxxxxxxxxxxxxxx
Hi

I have to setup a new mobile classroom for users with laptops, who
only
need
access to the Internet.

The current setup of this company I believe is as follows:-

They are running Windows Server 2003 with 11 wireless PCs. They
have a
D-Link DWL-2000AP connected for the wireless clients. I know that
the
default
ip address of the DWL-2000AP is set to 192.168.0.50.

What I don't know is whether the server or router is dishing out
DHCP.
I
ASSUME the server is set to static and the d-link is dishing out
DHCP.

Anyway, the new mobile classroom needs to be put on a second
subnet. I
have
been given a Linksys WAP54G (wireless access point), which has a
default
ip
address of 192.168.1.254.

I need to connect the new laptop users to the current wireless
printers,
but
prevent them from accessing the current users network resources.
The
new
users only need internet access.

I wondered which is the best way to set this up. I assume I can
leave
the
default ip settings in place for the new linksys AP. Would I be
best
to
give
the new laptops dhcp or static ips?

Also, what is the best way to configure it so that they can take
their
laptops home as well and access the internet?

So to recap:-

1) new users need only internet access at work but not access to
the
existing network resources.
2) They need to be able to access the internet at home as well.

All help really appreciated,

Kind regards,
Jason








.