- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Lockdown the satellites extended portion of an open guest wifi
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Lockdown the satellites extended portion of an open guest wifi
Hey everyone,
So my limited knowlege regarding wifi and networking leaves me unable to know where to start looking for the solution to my question. This is why I love these forums of helpful knowlegable citizens. Background: Where I work, we have an open wifi for customers that only extends to a small portion of the building. The other portion of the building, where we work, does not have wifi. It is on a seperate network with hardwired acess only controlled by a rigid firewall and limited to select authorized hardware. No wifi is allowed on the network. We do have a few devices that we use that we can't put on the network, nor would we want to because it would create a lot of headache, but they need to communicate with eachother and recieve large software updates to take full advantage of them. Without wifi, it is very cumbersome. Lots of unplugging and plugging in ethernet cables for local connection. It is very cumbersome to operate. Also, cell phone towers of all companies are so limited that buying a little hotspot will not work. The signal is so poor. So if I could use a mesh network to extend the guest wifi all the way to where the devices are located, that would solve the issue. I would need to lock down that portion of the mesh network though. The management doesn't want the guest network available thougouht the work for fear the employees will be on the internet and not work. Also, the devices do contain PPI. I know this is pretty rigid but I don't have control over that. I just need a way to extend the open wifi with a mesh network, but make the extended portion of the satellites on a separate SSID that can be password protected and encrypted. I feel like range extenders won't work because it is a pretty good distance, and the signal would be too weak. This is obviously an asumption because I don't really have enough knowledge to say that for sure. I think a range of 4000 sq ft would be cover the area needed from the original router. The systems department is super lazy and so the easier and simpler the solution can be, the more likely it can be implemented. Their first reponse is always no without thinking. Thanks so much for reading. Any ideas would be great. Thx!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Lockdown the satellites extended portion of an open guest wifi
Hi spizilly,
Welcome to our community! 🙂
Thank you for choosing NETGEAR! Orbi Pro WiFi 6 can already accommodate your office. Its own guest network is also secure and it also supports client isolation that can be enabled/disabled in order to protect your own device.
Regards,
John
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Lockdown the satellites extended portion of an open guest wifi
A lot of this depends on the configuration of your office LAN, especially what kind of router and firewall you have and how DHCP settings are assigned. I suggest:
1) Configure the wifi hub as an access point and not as a router, and connect it to the LAN's router. Let the LAN's router manage its traffic.
2) Create a VLAN on the office network for the guest wifi network. You should have at least two VLANs, one for the guest wifi network and one for office devices.
3) Create a DHCP server for the VLAN to serve the guest wifi network. If possible, assign IP address reservations for the devices you want to allow to connect to devices on the office VLAN.
4) Route only the specific traffic you want to allow from the wifi VLAN to the LAN. You might be able to limit it by MAC address, but two-factor authentication may be the best option, since a properly configured mobile device spoofs its MAC address when it changes networks.
I hope this helps.