Add a wireless router in existing network and make more security

currently, user connecting wireless router existing network in office.

local lan (192.168.1.x) connected wireless router wan port (assigned ip 192.168.1.10) , wireless router enable dhcp (172.13.1.x) . wireless client (mobile / laptop /tablet) can ip (172.13.1.x) wireless router to access internet. find can access lan server (192.168.1.x) using ip address

then it's not safe if illegal user hack in wireless lan , can access lan resources.

since don't want invest setup vlan, can this?

they have firewall. 

1. setup separate lan (e.g. 10.10.10.x) wirelese router. wireless router still connected on same lan swtich.

2. assign 10.10.10.10 wireless router's wan port , wireless router still enable dhcp (172.13.1.x).

3. setup firewall rule wireless lan - access deny

4. setup firewall rule wireless firewall wan - access allow

so wireless client cannot access lan resource. if need access printer or server's share drive, setup rule allow specific service , specific server ip wireless lan.

is okay or more safe? please advise.

1. setup separate lan (e.g. 10.10.10.x) wirelese router. wireless router still connected on same lan swtich.

2. assign 10.10.10.10 wireless router's wan port , wireless router still enable dhcp (172.13.1.x).

3. setup firewall rule wireless lan - access deny

4. setup firewall rule wireless firewall wan - access allow

so wireless client cannot access lan resource. if need access printer or server's share drive, setup rule allow specific service , specific server ip wireless lan.

hi ecoaxis,

as far i'm concerned, your proposal makes sense, secure lan.

best regards,

anne he

---

please remember mark replies answers if , unmark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com.

Windows Server  >  Platform Networking