Monday, April 14, 2008

Wified

Almost every cool place nowadays has free wifi access. Now, Heritage Park, being a "cool" place for the dead - and for the living - must offer free wifi access as well. It has been on my list for a while now, and when I got the go signal from management to implement it, I got excited.

Got everything ready for the wifi setup: shared high-speed bandwidth (I-gate), router (Linksys), and access point (wireless-N). The challenge now is how to put up the wireless infrastructure, which uses the same router and bandwidth as our office LAN, while keeping our LAN secure from any public access and giving it bandwidth priority.

It wouldn't be a problem if we had a managed switch from Cisco (we used to have one, but it got busted after it went out of warranty :P). I could have created a VLAN and built the infrastructure from there. You see, running public wifi access and a private LAN on the same physical segment, the same broadcast domain, is crazy. You don't want visitors hacking into your office computers, right? With VLANs, I can set up another logical, virtual network that is separate from our existing network. But we don't have a managed switch, so there's the problem.

I came up with a multihomed server with 2 network interfaces (one connected to the wireless access point and the other to the I-gate router), and set it up as a DHCP server (bound to the access point only), a cache-only DNS server and a NAT/Proxy server. Routing is disabled, so wifi clients have access only to the NAT/Proxy server, and not beyond. Bandwidth is managed at the I-gate router, giving less priority to the port where wifi is connected and more priority to the office LAN.
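A sketch of that gateway as configuration, added here as an example and not the actual setup from this post: it assumes a Linux host running dnsmasq (DHCP and cache-only DNS) and Squid (proxy), and covers the proxy path only. The interface name `eth1`, both subnets and the proxy port are constructed placeholders.

```conf
# --- /etc/sysctl.conf: routing disabled ---
# The host never forwards packets between the wifi side and the router side.
net.ipv4.ip_forward = 0

# --- /etc/dnsmasq.conf: DHCP + cache-only DNS, wifi side only ---
# Serve only the NIC cabled to the access point (eth1, assumed name).
interface=eth1
# Really bind to the listed interface instead of the wildcard address.
bind-interfaces
# Lease pool for visitors (constructed subnet 192.168.50.0/24).
dhcp-range=192.168.50.50,192.168.50.200,255.255.255.0,2h
# Answer repeat DNS queries from the local cache.
cache-size=1000

# --- /etc/squid/squid.conf: the only path to the internet ---
# Listen on the wifi-side address only (192.168.50.1, assumed).
http_port 192.168.50.1:3128
acl wifi_clients src 192.168.50.0/24
# Office LAN behind the same router (constructed subnet 192.168.1.0/24).
acl office_lan dst 192.168.1.0/24
# The proxy host can reach the office side through its second NIC,
# so refuse to fetch anything from office hosts on a visitor's behalf.
http_access deny office_lan
http_access allow wifi_clients
http_access deny all
```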

Hack-tested the setup and I'm quite happy with the result. Wifi clients have internet access, not directly, but c/o the proxy server. Now, you can have coffee at our coffee shop, eat your carrot cake and surf the web for free :)
