Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3386
Views
0
Helpful
0
Comments

CaseNotesJavaNet

Kris Thompson
Level 1
Level 1

‎06-09-2009 11:15 PM - edited ‎03-01-2019 03:34 PM

 

Build a CafeNet

This case study provide a template for a small retail network that includes both Public network (CafeNet) and Private network (BackNet).

 

JavaNet Networks Public Network Business Network Interent

VLAN1 - CafeNetVLAN2 - BackNetDSL (WAN)
10.1.1.0/2410.1.1.0/24DHCP/PPPOE

 

Note: The funny routing tables is due to the lack of a router for the VLANs. Although the Linksys WRV210 supports VLANs, the routing functions do not support distinct subnets, the DHCP scope is also shared. The routing of VLAN subnets could be achived via router-on-a-stick and LAN switch hardware.

Business Context

Business owner is moving to a new location for a successful coffee house and wants to set up a robust network topology to support Public, Private, and perhaps DMZ access to the internet (IP).

  • Office computers and Point of Sale are MS Windows based.
  • Previous Windows 98 Point of Sale terminals are being retired for Windows XP based Point of sale.

Public applications

  • Cafe laptop and mobility IP users (802.11 wireless protocols)

Backoffice applications

  • Point of Sale (POS) terminals
  • Office applications (accounting)
  • Internet enabled coffee roaster
  • music management (iTunes)
  • digital signage

Proposed Retail Topology

This diagram shows the proposed diagram. Each network area (private, public, dmz) has allocated VLAN and SSID space for both wired and wireless clients. Only the CafeNet (Public) SSID will be advertised.

 

Javanet_topo.jpg

 

Hardware Selection

Business owner would like to use a low cost router to provide a single box to control router, wireless, VLAN capabilities. For this reason, the Linksys WRV200 and WRV210 are being evaluated.

 

Linksys WRV200 vs. WRV210

Ths WRV210 appears to be same device as the WRV200, but loaded with a significantly enhanced software feature set.

This shopping.Yahoo.com page provides a nice side-by-side comparison.

After hands-on evaluation with the WRV210, it has been determined that the WRV210 (and WRV200) implement "port-level" VLANs only. There appears to be no routing function available on box to route and filter between these VLANs.

To add subnet routing, you can use a Router-on-a-Stick network design.

  • e.g. [1] (in this case ASA Security Appliance)

 

Linksys WRV210 Configuration Journal

A Linksys WRV210 was purchased to support enhanced feature set and match local availability goals.

Similar to hooking up an electric circuit, get the branch circuit in place FIRST before applying the juice (in this case, do the Internet Connection last).

 

Out of Box Experience

Here is what is in the box:

WRV210 Box Contents

WRV210 Router
Power Adapter
10BaseT Cable (blue)
Quick Install Guide
CD-ROM

Product Registration Card

 
Linksys-wrv210_parts.jpg
 
 
Linksys WRV 210 Box Contents

Note: Ports on WRV210 are covered with a sticker with the following warning:
Attention: Using the default wireless security settings is a security risk, which can result in your network being accessible by unauthorized people. Users are strongly advised to consult with the user guide for setting up a secure wireless network.

 

Access Admin Console

Access admin console at default IP address of http://192.168.1.1

  • Your web client must be connected to an ethernet port of the WRV210 and using DHCP
 
Linksys-wrv210_adminaccess.jpg
 
 

Setup LAN IP DHCP Server

Using default subnet (192.168.1.0/24). Configured for 240 DHCP clients with 1/2 day leases.


 

Linksys-wrv210_lan-ip.jpg

Setup VLANs

 

Note: It is unclear so far what makes these VLANs. Looking for a way to use the VLANs to segment traffic by IP address block.

 

Looking for more info on VLANs here:

This seems to be some kind of "port-based vlan".

Sure enough, WRV200 and WRV210 use a "port-based VLAN". See this thread:


 

Linksys-wrv210_vlans.jpg

 

Apply Security Policies

  • Always administer your System Mgmt settings early in your configuration tasks.
  • Pay particular attention to the Admin credentials.
  • Change admin login credentials from defaults.

 

Admin Access Controls

On WRV210:


 

Linksys-wrv210_admin-config.jpg

 

Setup Basic Wireless


 

Linksys-wrv210_wireless-basic.jpg

 

Setup SSIDs

SSID CafeNet: VLAN1, No Security, Wireless Isolation SSID BackNet: VLAN2, Security = WPA2-Mixed = {WPA2-Personal|WPA-Personal}, Shared Secret

 

CafeNet Settings

The Public Wireless Hot Spot - CafeNet.

 

Linksys-wrv210_wireless-sec-cafenet.jpg

 

BackNet Settings

Used to connect via WPA-Personal or WPA2-Personal to the VLAN2 BackOffice ports.

 

Linksys-wrv210_wireless-sec-backnet.jpg

 

Enable Internet Connection

...pending...

 

== Notes ==

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents