08-24-2010 02:13 PM - edited 07-03-2021 07:07 PM
My hospital has a LAN with a server running Server 2003, about 40 hardwired
work stations and various network printers. The network receives its internet
access through two T-1 lines, each interfaced through a Cisco router. In
addition, several COWS(computers on wheels) connect to the LAN through a
wireless network consisting of three Cisco Aironet 1130AG WAPs using
WPA encryption. We need to be able to give the public access to the
internet without compromising the security of the LAN. Can I create a second
SSID in the 1130AGs in such a way that the public can have access to the
internet, but not be able to hack into the hospital LAN?
08-25-2010 09:21 AM
Ben,
This is possible, you would need to create a new VLAN on the LAN to support the guest users. Then trunk to the AP, as we will now have multiple SSID and VLAN that we need to pass traffic for. The way you keep the "guest" from the "internal" is to put ACL's up at L3 that deny traffic between the two subnets.
08-25-2010 11:23 AM
Thanks for your response Stephen. Pardon my ignorance, but I would appreciate it if I could ask you some questions in order to understand your answer.
So each of my three AP's is connected to the LAN via an ethernet cable. When you say "trunk to the AP", are you talking about how the two separate SSID channels pass their data through the ethernet cable to the LAN and is that set up in the AP? And I don't know what "put ACL's up at L3" means. Other than those minor details, I think I am starting to get your drift.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: