Too easy
- Key Keeper
- Posts: 1564
- Joined: Sat Oct 30, 2004 12:17 pm
- Location: Austin TX
Too easy
Ok, I'm having a serious brain fart here. At work we have local network via 48 port switch. All machines run on a static ip within switch ip table. I'm trying to connect a Linksys wireless B router to a lan drop (from switch) that we have in the shop and make it just a wireless access point. For some reason I can't remember how to do this and seem to be screwing it up badly within the router configuration. I set the ip in router to static using an ip in the ip table set in the 48 port switch. Then disable DHCP on the router (machines have to have static ip for ADP software). Using other IPs from the switch ip table, I should be able to connect to the switch/internet this way, right? I can get the machines to connect to the router but no internet. Am I missing something here? The switch also has our phone system plugged into it that works off of DHCP. I can plug a machine into the back of the phone using a static ip (on pc) and all works fine. Just can't seem to use the router as an access point for some dumb reason.
Here is set up:
DSL router > 48 port switch (using static ip table)> wireless router (set w/static ip from switch table)> machine (w/static ip from ip table)= no workie.
DSL router > 48 port switch> phone using DHCP> pc using static ip from switch table=internet access....
I tried leaving the router on "obtain ip automatically" and it still doesn't work. Am I missing a setting here?
- eGoCeNTRoNiX
- Posts: 7362
- Joined: Wed Oct 23, 2002 12:51 pm
- Location: HELL
- TheSovereign
- Posts: 2957
- Joined: Mon Apr 15, 2002 4:03 am
- Location: chicago
- Contact:
Disable DHCP on the wireless router, change the IP to something obscure but within a private range. Plug in the LAN port to your 48 port switch and voilà!
Anything wireless is a security risk. Keep in mind that wireless acts like a HUB. EVERYONE GETS EVERYONE'S INFO

- Key Keeper
- Posts: 1564
- Joined: Sat Oct 30, 2004 12:17 pm
- Location: Austin TX
When you say change ip, do you mean the ip for the router or the ip for the machine? I'm assuming the router. I got it to work, kinda. Set dhcp enabled on router, set a wpa password. Put static ip in router config for wan port (from switch table) and it works. The server in Houston sees the static ip I put in the router as the machine/mac addy. Problem is, I can't see any of the other machines plugged into the switch (local network). I don't see any options in the router configuration to disable a firewall. Not sure if this router even has a firewall. It's Linksys wireless B. Kind of old router.
- TheSovereign
- Posts: 2957
- Joined: Mon Apr 15, 2002 4:03 am
- Location: chicago
- Contact:
Key Keeper wrote: When you say change ip, do you mean the ip for the router or the ip for the machine? I'm assuming the router. I got it to work, kinda. Set dhcp enabled on router, set a wpa password. Put static ip in router config for wan port (from switch table) and it works. The server in Houston sees the static ip I put in the router as the machine/mac addy. Problem is, I can't see any of the other machines plugged into the switch (local network). I don't see any options in the router configuration to disable a firewall. Not sure if this router even has a firewall. It's Linksys wireless B. Kind of old router.
1. disable dhcp on the router if you already have dhcp on your network or don't want dhcp
2. set the router's ip to something that isn't occupied by something else on your network and is not in a dhcp's range
3. connect the LAN portion of the router to your 48 port switch...NOT THE WAN PORT. in fact put tape over the wan port so some idiot doesn't ever plug it in there
4. if you have VLANs make the port the router is plugged into part of the appropriate VLAN
5. you are now working!
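An added example, not part of any post in the thread: a small pre-flight check for steps 1 to 3 above, run against a planned access-point configuration before the router is plugged into the switch. The dictionary keys and all addresses are constructed for illustration.

```python
import ipaddress

def check_ap_plan(plan):
    """Return a list of problems in a plan to run a consumer router as a plain AP."""
    problems = []
    subnet = ipaddress.ip_network(plan["office_subnet"])
    ap_ip = ipaddress.ip_address(plan["ap_lan_ip"])

    # Step 2: the router's LAN address must be usable and unoccupied.
    if ap_ip not in subnet:
        problems.append("AP LAN IP is outside the office subnet (admin page unreachable)")
    elif ap_ip in (subnet.network_address, subnet.broadcast_address):
        problems.append("AP LAN IP is the network or broadcast address")
    if ap_ip in {ipaddress.ip_address(a) for a in plan["static_ips_in_use"]}:
        problems.append("AP LAN IP is already assigned to another device")
    first, last = (ipaddress.ip_address(a) for a in plan["dhcp_pool"])
    if first <= ap_ip <= last:
        problems.append("AP LAN IP is inside the DHCP pool")

    # Step 1: a second DHCP server on the segment hands out conflicting leases.
    if plan["ap_dhcp_enabled"]:
        problems.append("DHCP is still enabled on the AP")

    # Step 3: an uplink through the WAN port puts wireless clients behind the
    # router's NAT, on a separate subnet from the wired LAN.
    if plan["uplink_port"].lower() != "lan":
        problems.append("uplink uses the WAN port instead of a LAN port")
    return problems

# Constructed sample plans (hypothetical addresses, not taken from the thread).
GOOD_PLAN = {
    "office_subnet": "192.168.1.0/24",
    "ap_lan_ip": "192.168.1.2",
    "static_ips_in_use": ["192.168.1.10", "192.168.1.11"],
    "dhcp_pool": ("192.168.1.100", "192.168.1.150"),
    "ap_dhcp_enabled": False,
    "uplink_port": "LAN",
}
BAD_PLAN = dict(GOOD_PLAN, ap_lan_ip="192.168.1.120",
                ap_dhcp_enabled=True, uplink_port="WAN")

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_ap_plan(plan) or "OK")
```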

- FlyingPenguin
- Flightless Bird
- Posts: 33161
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Ditto what they both said^
Leave the WAN port unplugged, connect it to the network via one of the other ports on the Wifi router.
BEFORE doing that, connect the router to a PC by itself and get into the control panel and set the LAN (not WAN) IP in the Wifi router's control panel to an available IP on your network, and then disable DHCP. That converts it to an access point only. You don't want to use the NAT router portion.
Keep in mind that you will, in the future, access the control panel in the Wifi router using its new LAN IP, and it will no longer have DHCP so it will need to be connected to the network to get DHCP from whatever your office DHCP server is (probably your DSL router).
HOWEVER you said this is an old B router, which means it probably only supports WEP, in which case I would throw it in the trash and buy a new one for $60. You DO NOT want to use WEP or (God forbid) an open Wifi access point on a business network. WEP can be hacked in minutes.
You want to use WPA2 if possible, WPA at least.
Now if this is intended to be used as an open public Wifi access point for internet only with no encryption then you need to do something much more complicated in order to isolate your secure office network from the unsecured Wifi network. One way to do it is explained at the bottom of this page: http://www.grc.com/nat/nat.htm
I personally prefer even more isolation than Gibson uses. I use 3 routers instead of 2 and I put both the office router and the Wifi router on a LAN behind a 3rd primary router that's behind your modem. That way both networks can't see each other at all. In Gibson's diagram he stacks the secure office router behind the unsecure Wifi router, which DOES fully secure the office router, but I don't like that all the office traffic is passing THROUGH the unsecured router and that someone in the secure office network could still see someone on the Wifi network because the Wifi network is fully exposed to the secure network. You may not think that's an issue but what if someone is using your unsecured access point and sharing a folder containing tantalizingly named files that are all infected with a keylogger trojan?
In the method I use, the two networks are totally isolated. The only drawback is things get a bit complicated if you have to set up port forwarding.
This is an example:
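An added example, not part of the post above: a minimal reachability model comparing the two-router stacking attributed to Gibson with the three-router layout the poster prefers. It assumes every router does NAT with no port forwarding, so connections can only be opened from a LAN towards its router's WAN side; the network names are hypothetical labels.

```python
def upstream_chain(net, uplink):
    """Networks reached by leaving through successive routers' WAN ports."""
    chain = [net]
    while net in uplink:
        net = uplink[net]
        chain.append(net)
    return chain

def can_initiate(src, dst, uplink):
    """True if a host on src can open a connection to a host on dst.

    Assumption: NAT everywhere and no port forwarding, so unsolicited
    inbound connections are dropped at every router.
    """
    return dst in upstream_chain(src, uplink)

def transit_networks(src, uplink):
    """Networks that src's internet-bound traffic crosses on the way out."""
    return upstream_chain(src, uplink)[1:-1]

def exposure(uplink):
    """(office can reach Wifi hosts, Wifi can reach office hosts)."""
    return (can_initiate("office", "wifi", uplink),
            can_initiate("wifi", "office", uplink))

# uplink maps each LAN to the network its router's WAN port sits on.
# Two-router stacking: office router plugged in behind the Wifi router.
STACKED = {"office": "wifi", "wifi": "internet"}
# Three routers: office and Wifi routers side by side behind a primary router.
THREE_ROUTER = {"office": "primary_lan", "wifi": "primary_lan",
                "primary_lan": "internet"}

if __name__ == "__main__":
    for name, topo in (("stacked", STACKED), ("three-router", THREE_ROUTER)):
        print(name, exposure(topo), transit_networks("office", topo))
```

In the three-router layout both sides can still open connections to anything on the primary router's LAN, so that segment should carry nothing except the two inner routers.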

- Key Keeper
- Posts: 1564
- Joined: Sat Oct 30, 2004 12:17 pm
- Location: Austin TX
I got it to work.
I set it to "automatically detect Ip" for the wan port.
Set the local ip of the router to an ip one digit out of our range. (once set up no need to manage it)
Disabled DHCP
Selected WPA and set password
plugged lan cable coming from switch to lan port 1 on router (put tape over wan port)
All machines connect using static ips from managed switch wirelessly.
Only problem existing is the length of time it takes for each machine to see the internet. I can telnet/ping immediately but the browsers take forever to connect. These machines are running Windows 2000 Pro also and if I'm not mistaken, 2000 does not support wireless natively so I'm guessing it's a software delay. There is one machine on our network "LRSC1" (xp pro box) that has a shared folder that will not show up on the 2000 machines for some dumb reason. Might be that LRSC1's max share connections limit has been met. I'm trying to convince them to get a rack mount server and load 2003 server or 2000 advanced server on so we can truly run an internal domain and bypass the share restrictions with all these darn xp/2000 boxes floating around. My father in law is the IT admin at UT and he's schooling me on setting up domains/server roles/nas/scheduled backup apps (enterprise level).
- TheSovereign
- Posts: 2957
- Joined: Mon Apr 15, 2002 4:03 am
- Location: chicago
- Contact:
Key Keeper wrote: I got it to work.
I set it to "automatically detect Ip" for the wan port.
Set the local ip of the router to an ip one digit out of our range. (once set up no need to manage it)
Disabled DHCP
Selected WPA and set password
plugged lan cable coming from switch to lan port 1 on router (put tape over wan port)
All machines connect using static ips from managed switch wirelessly.
Only problem existing is the length of time it takes for each machine to see the internet. I can telnet/ping immediately but the browsers take forever to connect. These machines are running Windows 2000 Pro also and if I'm not mistaken, 2000 does not support wireless natively so I'm guessing it's a software delay. There is one machine on our network "LRSC1" (xp pro box) that has a shared folder that will not show up on the 2000 machines for some dumb reason. Might be that LRSC1's max share connections limit has been met. I'm trying to convince them to get a rack mount server and load 2003 server or 2000 advanced server on so we can truly run an internal domain and bypass the share restrictions with all these darn xp/2000 boxes floating around. My father in law is the IT admin at UT and he's schooling me on setting up domains/server roles/nas/scheduled backup apps (enterprise level).
What switch do you have? Some switches need to know if multiple MAC addys will be connecting via 1 port or they will take forever and a half to discover it. In other words, if your switch has a setting for "uplink", turn that on for the port that the wireless AP is occupying.

- Key Keeper
- Posts: 1564
- Joined: Sat Oct 30, 2004 12:17 pm
- Location: Austin TX
Unfortunately, I can't get into the switch. The asshats that set up the lan here and installed all the cables/switch/rack changed the password and local ip of it so I can't telnet/console into it. I could reset it but that would wreak havoc since the phones are tied into it as well. I would like to get into it and print the configuration though. We would have to call the company that installed it and see if they would hand the data over. It's a Dell PowerConnect 3448P.