0

I have been asked to setup a public Wi-Fi point in a cafe. I've recommended they get two separate internet connections to ensure the two networks are separate however they haven't the budget for this setup.

I need a Public & Private WiFi networks on the same internet connection that can't talk to each other.

They have a Dreytec Vigour 2820n that supports VLAN's and multiple SSID's. Can I achieve what I want with this?

I have two access points to use as repeaters as the site is large.

Any help received gratefully!

0xFFFFFF
  • 1
  • 1

2 Answers2

1

Well, according to the documentation, yes. Your device will do what you want, however setting up repeaters and such is always a pain (check your MAC addresses!). Basically, you just establish two SSID's (ClientPrivate and ClientPublic) then set additional security like client isolation on the public network. Also, make your private network password something really rediculous so that no one sitting at the cafe has enough time to get lucky.

JohnThePro
  • 2,595
  • 14
  • 23
  • +1 - I know from experience of these models you can have 4 seperate SSID's, and you can enable isolation on any of these 4 as you wish - if you enable isolation a device will only be able to access internet/router but nothing else on the LAN. The 2830 is more interesting as you can have two totally seperate LAN's, but unfortunately I don't know them well. However, the real question is whether your repeaters will repeat multiple SSID's.... – Robin Gill Mar 06 '12 at 22:18
  • For his setup, if I'm seeing it the way he is, it might be in his benefit to only try to repeat the public network, leaving the private one at standard range. – JohnThePro Mar 06 '12 at 22:25
  • JohnThePro read my mind. I only intend repeating the Public WiFi point, as the Private only needs a relitavly small working area. – 0xFFFFFF Mar 06 '12 at 23:37
  • Then hit the checkmark. ;) – JohnThePro Mar 06 '12 at 23:38
0

Short answer (since there isn't a lot of information), yes. With VLANs and multiple SSIDs you should be able to shield different networks from eachother. So you can create a guest/customer wlan and and employee wlan.

Normally with a VLAN you should not be able to reach the other subnet, but it may be a good idea to explicitly block connections from the guest wlan to anything but the internet.

Of course configure the employee wlan to use wpa2 pre-shared key or what have you, maybe hide the SSID (though, since that is security through obscurity it's not that effective).

aseq
  • 4,610
  • 1
  • 24
  • 48