CaseNotesJavaNet

Document

Jun 9, 2009 11:15 PM
Jun 9th, 2009

Build a CafeNet

This case study provide a template for a small retail network that includes both Public network (CafeNet) and Private network (BackNet).

JavaNet Networks
Public Network Business Network Interent
VLAN1 - CafeNetVLAN2 - BackNetDSL (WAN)
10.1.1.0/2410.1.1.0/24DHCP/PPPOE

Note: The funny routing tables is due to the lack of a router for the VLANs. Although the Linksys WRV210 supports VLANs, the routing functions do not support distinct subnets, the DHCP scope is also shared. The routing of VLAN subnets could be achived via router-on-a-stick and LAN switch hardware.

Business Context

Business owner is moving to a new location for a successful coffee house and wants to set up a robust network topology to support Public, Private, and perhaps DMZ access to the internet (IP).

  • Office computers and Point of Sale are MS Windows based.
  • Previous Windows 98 Point of Sale terminals are being retired for Windows XP based Point of sale.

1. Public applications

  • Cafe laptop and mobility IP users (802.11 wireless protocols)

2. Backoffice applications

  • Point of Sale (POS) terminals
  • Office applications (accounting)
  • Internet enabled coffee roaster
  • music management (iTunes)
  • digital signage

3. Proposed Retail Topology

This diagram shows the proposed diagram. Each network area (private, public, dmz) has allocated VLAN and SSID space for both wired and wireless clients. Only the CafeNet (Public) SSID will be advertised.


Javanet_topo.jpg

Hardware Selection

Business owner would like to use a low cost router to provide a single box to control router, wireless, VLAN capabilities. For this reason, the Linksys WRV200 and WRV210 are being evaluated.

4. Linksys WRV200 vs. WRV210

Ths WRV210 appears to be same device as the WRV200, but loaded with a significantly enhanced software feature set.

This shopping.Yahoo.com page provides a nice side-by-side comparison.

After hands-on evaluation with the WRV210, it has been determined that the WRV210 (and WRV200) implement "port-level" VLANs only. There appears to be no routing function available on box to route and filter between these VLANs.

To add subnet routing, you can use a Router-on-a-Stick network design.

  • e.g. [1] (in this case ASA Security Appliance)

Linksys WRV210 Configuration Journal

A Linksys WRV210 was purchased to support enhanced feature set and match local availability goals.

Similar to hooking up an electric circuit, get the branch circuit in place FIRST before applying the juice (in this case, do the Internet Connection last).

5. Out of Box Experience

Here is what is in the box:

WRV210 Box Contents
WRV210 Router
Power Adapter
10BaseT Cable (blue)
Quick Install Guide
CD-ROM

Product Registration Card


Linksys-wrv210_parts.jpg


Linksys WRV 210 Box Contents

Note: Ports on WRV210 are covered with a sticker with the following warning:
Attention: Using the default wireless security settings is a security risk, which can result in your network being accessible by unauthorized people. Users are strongly advised to consult with the user guide for setting up a secure wireless network.

6. Access Admin Console

Access admin console at default IP address of http://192.168.1.1

  • Your web client must be connected to an ethernet port of the WRV210 and using DHCP

Linksys-wrv210_adminaccess.jpg


7. Setup LAN IP DHCP Server

Using default subnet (192.168.1.0/24). Configured for 240 DHCP clients with 1/2 day leases.



Linksys-wrv210_lan-ip.jpg

8. Setup VLANs

Note: It is unclear so far what makes these VLANs. Looking for a way to use the VLANs to segment traffic by IP address block.

Looking for more info on VLANs here:

This seems to be some kind of "port-based vlan".

Sure enough, WRV200 and WRV210 use a "port-based VLAN". See this thread:



Linksys-wrv210_vlans.jpg

9. Apply Security Policies

  • Always administer your System Mgmt settings early in your configuration tasks.
  • Pay particular attention to the Admin credentials.
  • Change admin login credentials from defaults.

Admin Access Controls

On WRV210:



Linksys-wrv210_admin-config.jpg

10. Setup Basic Wireless



Linksys-wrv210_wireless-basic.jpg

11. Setup SSIDs

SSID CafeNet: VLAN1, No Security, Wireless Isolation SSID BackNet: VLAN2, Security = WPA2-Mixed = {WPA2-Personal|WPA-Personal}, Shared Secret

CafeNet Settings

The Public Wireless Hot Spot - CafeNet.


Linksys-wrv210_wireless-sec-cafenet.jpg

BackNet Settings

Used to connect via WPA-Personal or WPA2-Personal to the VLAN2 BackOffice ports.


Linksys-wrv210_wireless-sec-backnet.jpg

12. Enable Internet Connection

...pending...

== Notes ==

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 9, 2009 at 11:15 PM
Stats:
Comments:0 Avg. Rating:0
Views:2935 Contributors:0
Shares:0

Related Content

Documents Leaderboard