Re: Setting up wireless in a passthru/bridge mode
- From: Jon <Jon@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Jun 2007 10:42:00 -0700
Merv and Owen,
Thanks for your fantastic help on this. I have one more, probably dumb
question, but should I run the CECIW to reconfigure the IP addresses for the
external NIC or can I do this within the adapter itself?
Thanks again for your help!
Jonathan
"Owen Williams [SBS MVP]" wrote:
In article <##Qmx68oHHA.4552@xxxxxxxxxxxxxxxxxxxx>,.
mwport@xxxxxxxxxxxxxxxxxxx says...
I'm going to say that the easiest way to accomplish your goal without
changing your Westell setup, is to buy 2 cheap routers (Linksys, DLink,
etc.): a wired and a wireless. Put the wired router between the Westell and
the second NIC and set up the WAN side of the wire router with the static
WAN IP from your ISP. Then configure the external NIC on the SBS with a
static IP address in the same range as the LAN side of the wired router. In
the wired router configuration, port-forward all required ports (25, 3389,
4125, etc.) to the external SBS NIC. Turn off DHCP on the wired router.
Then re-run CEICW, enabled the firewall, select your services, complete the
Web Server Certificate and complete CEICW. After you know that your
workstations and server can get out to the Internet, connect the Wireless
router to a free port on the wired router and give the WAN side of the
"wireless" router a static IP address in the same range as the LAN side of
the "wired" router. Then configure the wireless security and DHCP service.
This will put your wireless router outside of your SBS network, yet give
those wireless guests Internet access.
IMO, this overcomplicates the configuration given the original poster
just wants to provide guest access with minimal controls other than (I
hope!) some basic security to ensure war drivers don't use the wireless
network.
I would just use a wireless router between the Westell and the SBS
external NIC. Enable DHCP on the router, but configure it to have an
excluded IP range (10 addresses are usually sufficient) and set the SBS
ext. NIC to one of those addresses. Forward all required ports (25,
3389, 4125, etc.) to the external SBS NIC. Configure WPA-PSK security
with a password you change periodically (monthly?) and provide to your
guests.
So, it looks like this:
Internet
|
Westell
|
Wireless Router (WAN: Static WAN IP from ISP; LAN: 192.168.1.1;
DHCP: 192.168.1.11-254)
|
SBS External NIC (192.168.1.2)
|
SBS (DHCP: 192.168.16.x)
|
SBS Internal NIC (192.168.16.2)
|
Switch
|
Workstations (192.168.16.x)
Wireless stations get a DHCP-assigned address in the 192.168.1.x range,
x=11-254.
If the Westell supports all the required functions - including WPA or
WAP2 security, not just WEP - you can re-enable the router function
(take it out of bridge mode), configure it as described, and you don't
even need to purchase a wireless router. [That said, I do like to set
DSL modem/routers to bridge mode so the device is providing only basic
DSL connectivity while the router or firewall appliance I spec performs
the routing and perimeter security functions.]
-- Owen Williams (SBS MVP)
- Follow-Ups:
- Re: Setting up wireless in a passthru/bridge mode
- From: Owen Williams [SBS MVP]
- Re: Setting up wireless in a passthru/bridge mode
- From: Merv Porter [SBS-MVP]
- Re: Setting up wireless in a passthru/bridge mode
- References:
- Re: Setting up wireless in a passthru/bridge mode
- From: Merv Porter [SBS-MVP]
- Re: Setting up wireless in a passthru/bridge mode
- From: Owen Williams [SBS MVP]
- Re: Setting up wireless in a passthru/bridge mode
- Prev by Date: Further Questions on Adding group to local administrators group via GPO
- Next by Date: RE: VPN Problems
- Previous by thread: Re: Setting up wireless in a passthru/bridge mode
- Next by thread: Re: Setting up wireless in a passthru/bridge mode
- Index(es):
Relevant Pages
|
