Any suggestions on the best way to do this?
1) I need to add several WiFi access points to a LAN. To keep things
secure I plan to put the WiFi APs on a different subnet than the main
network. Both networks will be operating on the same set of network
wires. Is running on different subnets sufficient to keep my main network
secure?
2) The existing router (Netgear FVS114) does not have a DMZ port. It does
let me specify a DMZ computer by IP address, but that wil be on the same
subnet as the rest of the LAN. So I'm assuming that this would not give
me the security I need. Am I right or is there some way to get this to
work without adding another router?
3) I don't want to replace the existing router because it handles the VPN
and I don't want to redo all that work. I'm thinking I should add a
second router between the existing router and the WAN. Then connect my
APs and the old router to the new router's insecure LAN? Anyone see any
problems with this?
New subnet/24 Old subnet/24 192.168.1.xxx
WAN->Router->(10.10.10.xxx)-+-Router->(192.168.1.xxx)--+->LAN
| |
| |
| | 10.10.10.xxx
+--------------------------+->WiFi AP#1
|
+->WiFi AP#2
|
+->WiFi AP#3
|
etc.
Does it make sense to plug both the in and out ports of the old router
into ports on the same switch?
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
