Adding public access to wifi LAN without compromising security

Unanswered Question
Aug 24th, 2010
User Badges:

My hospital has a LAN with a server running Server 2003, about 40 hardwired

work stations and various network printers. The network receives its internet

access through two T-1 lines, each interfaced through a Cisco router.  In

addition, several COWS(computers on wheels) connect to the LAN through a

wireless network consisting of three Cisco Aironet 1130AG WAPs using

WPA encryption.  We need to be able to give the public access to the

internet without compromising the security of the LAN.  Can I create a second

SSID in the 1130AGs in such a way that the public can have access to the

internet, but not be able to hack into the hospital LAN?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Stephen Rodriguez Wed, 08/25/2010 - 09:21
User Badges:
  • Purple, 4500 points or more


     This is possible, you would need to create a new VLAN on the LAN to support the guest users.  Then trunk to the AP, as we will now have multiple SSID and VLAN that we need to pass traffic for.  The way you keep the "guest" from the "internal" is to put ACL's up at L3 that deny traffic between the two subnets.

benpressman Wed, 08/25/2010 - 11:23
User Badges:

Thanks for your response Stephen.  Pardon my ignorance, but I would appreciate it if I could ask you some questions in order to understand your answer.

So each of my three AP's is connected to the LAN via an ethernet cable.  When you say "trunk to the AP", are you talking about how the two separate SSID channels pass their data through the ethernet cable to the LAN and is that set up in the AP?  And I don't know what "put ACL's up at L3" means.  Other than those minor details, I think I am starting to get your drift.


This Discussion



Trending Topics - Security & Network