01-13-2010 09:07 PM
Got a bit of a problem that I've spent the past 3 hours trying to nail down. My main router is a MI424WR for my FIOS connection. It serves several computers, wired and wireless. I have an old Linksys BEFW11S4 router that I am trying to use with weaker (WEP) encryption so that some devices that could not otherwise access a WPA or WPA2 access point can still use the internet, and since WEP is easily crackable, I would like to isolate the WEP router (Linksys in this case) from the rest of the internal network (which contains shared files).
As it stands, I have connected the WAN port of the Linksys to one of the LAN ports of the MI424WR, assigned 192.168.2.1 as the Linksys's IP address (on a separate subnet, as the FIOS router has a 192.168.1.1 address), received a DHCP Internet address from the MI424WR, and have also enabled DHCP on the Linksys router itself in order to allow client devices to get their own addresses and access the internet.
Now, based on what I've been reading, connecting the main router's (MI424WR) LAN port to the WAN port of the Linksys should create two separate LAN segments, which should separate the local networks from one another. There is obviously something I'm missing here... I am getting essentially the same result as connecting the LAN port of the FIOS router to the LAN port of the Linksys router. Shouldn't there be a difference between the WAN and LAN ports in this case?
Any help is appreciated.
01-13-2010 11:57 PM - edited 01-14-2010 12:04 AM
The hookup that you did will only protect the BEFW11S4 users from the MI424WR users. It will not protect the MI424WR users from the BEFW11S4 users.
This is because the WAN port on the BEFW11S4 only blocks unsolicited data coming into the BEFW11S4. The WAN port does not block any outgoing data.
The solution to your problem is this:
MI424WR ---- BEFW11S4
        ---- WRT54G (or any other wireless router of your choice)
MI424WR LAN port wired to BEFW11S4 Internet port.
MI424WR LAN port wired to WRT54G Internet port.
No other devices connect to MI424WR, either by wire or wirelessly.
Turn off wireless in the MI424WR.
All wired and wireless computers (and other secured devices) connect only to the WRT54G, which is using WPA or WPA2 and a strong password.
In this setup, the Internet port of the WRT54G will prevent intruders from getting into your secured network on the WRT54G, even if the BEFW11S4 is compromised.
Also, the BEFW11S4 and the WRT54G should be using:
1) different SSIDs
2) different encryption methods
3) completely different passwords, that are in no way similar, since someone might crack your WEP password.
4) different channels. There are 11 channels to pick from. You can use any two channels, but ideally they should be 5 or more channels apart. Channels 1, 6, and 11 usually work the best.
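Added example (not part of the original posts): a small Python model of the rule the reply describes, that a router's WAN port drops unsolicited inbound connections but passes outbound ones, applied to the original hookup and to the suggested one. The network labels such as `befw11s4_lan` are made up for the illustration, and the model assumes no port forwarding or DMZ is configured on any of the routers.

```python
# Added illustration: each consumer router is modelled as a NAT boundary whose
# WAN (Internet) port drops unsolicited inbound connections but lets every
# outbound connection from its own LAN through. Labels are hypothetical.

def ancestors(net, upstream):
    """Networks reached by going out through successive WAN ports."""
    chain = []
    while net in upstream:
        net = upstream[net]
        chain.append(net)
    return chain

def can_initiate(src, dst, upstream):
    """True if a host on LAN `src` can open a connection to a host on LAN `dst`."""
    return src == dst or dst in ancestors(src, upstream)

def exposed_to(src, upstream, lans_with_hosts):
    """Other LANs carrying hosts that a host on `src` can reach unsolicited."""
    return sorted(n for n in lans_with_hosts
                  if n != src and can_initiate(src, n, upstream))

# upstream[x] = the network that the WAN port of x's router plugs into.
# Original hookup: Linksys WAN -> MI424WR LAN, trusted PCs on the MI424WR LAN.
CASCADE = {"befw11s4_lan": "mi424wr_lan", "mi424wr_lan": "internet"}
CASCADE_HOSTS = {"befw11s4_lan", "mi424wr_lan"}

# Suggested hookup: both routers' WAN ports on the MI424WR LAN, which carries
# no hosts of its own; trusted devices sit behind the WRT54G.
Y_SETUP = {"befw11s4_lan": "mi424wr_lan",
           "wrt54g_lan": "mi424wr_lan",
           "mi424wr_lan": "internet"}
Y_HOSTS = {"befw11s4_lan", "wrt54g_lan"}

if __name__ == "__main__":
    for label, topo, hosts in (("original", CASCADE, CASCADE_HOSTS),
                               ("suggested", Y_SETUP, Y_HOSTS)):
        for lan in sorted(hosts):
            print(f"{label}: hosts on {lan} can reach into {exposed_to(lan, topo, hosts)}")
```

In the original hookup the WEP LAN can reach into the MI424WR LAN while the reverse direction is blocked; in the suggested hookup neither the WEP LAN nor the secured LAN can reach into the other.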
01-14-2010 12:41 PM
01-14-2010 12:43 PM