My friend and colleague Keith Shaw [http://www.networkworld.com/Home/kshaw.html] forwarded to me a note with the following question from a NWW reader (slightly edited here):
"I need to set up five different wireless networks in one building. Three need to be to be separate (three offices that can't connect to each other; traffic must be encrypted), one that is open to public and one that is a backside router (open router). How would I go about doing this?"
I know the first inclination of many is to just go out and buy five different access points. Simple. But a better solution is to use an enterprise-class WLAN switch/controller product and simply define multiple SSIDs, and then map each one to its own VLAN or otherwise define the SSIDs so that they route as desired. Encryption can be similarly separately managed, as can upper-layer (e.g., 802.1X) authentication. Think of each SSID as a "virtual" wireless LAN sharing a common hardware platform. Even though a centrally-managed WLAN system will cost more than five of what you can get at the electronics superstore, the improved management and other facilities inherent in products in this class will make your life a lot easier in the long run.
And I want to stress again that it is never a good idea to leave any SSID completely open, lest deviants use it for some kind of malfeasance. Always have a user sign a (virtual, if necessary; paper is better) acceptable-use policy and assign a unique username and password that expires after a given amount of time. The law is not well-established here, so it's best to at least do the minimum to protect your potential liability.
Mathias is a principal at Farpoint Group, a wireless advisory firm in Ashland, Mass.
|
|
Post new comment