Friday, June 16, 2017

Set up Wi-Fi guest access: How it works

How do I set up WLAN guest access? What do I gain from an additional, restricted wireless network? With a separate second WLAN you create an additional layer of security in the home network, and not just against curious fellow users. The WLAN router at home provides connectivity by assigning all clients connected to it to a private network and giving each device access to the Internet. At the same time, the router is also the most important safeguard against unauthorized access from the Internet, as it blocks any WAN-side connection attempts.




The fact that all devices in the home network can access each other as equal partners at any time makes sense, as long as they are your own devices. However, it becomes a problem if you want to share your WLAN access with friends, acquaintances and guests, or when your child has received a first tablet or smartphone as a birthday present. As soon as you pass the WLAN password for your home network to a third person, the corresponding device becomes a full-fledged home network client and can access all services or shares on your home network. Either you place special trust in this person, or you change the WPA2 password in the access point afterwards. In that case, however, you must also enter the new password on all other WLAN clients at home.


This complicated and time-consuming procedure will probably not be carried out too often. A subsequent lockout via a MAC address filter, meanwhile, can nowadays easily be circumvented.


Configure WLAN guest access - this is how


Attention: Securing your WLAN by means of a list of permitted MAC addresses can be circumvented with tools that change the MAC address.


1. Enable WLAN Guest Access in Router


MAC Address Changer 6.0.5


The MAC Address Changer 6.0.5 tool changes the MAC address of your network adapter through a registry entry. This allows the MAC address filter of a WLAN router to be bypassed by simply logging in under a false identity, i.e. the MAC address of an already authorized client. This so-called MAC spoofing is also often used by adolescents to circumvent parental-control filters.


A similar problem can occur if you give your children equal access to the home network but also use your home network as a home office. In principle, neither your guests nor your children should be suspected of malicious intentions. But an uncomfortable feeling remains. Therefore, divide your home network into different zones: the private zone is only for you and your sensitive home network devices, such as NAS, office servers, and so on, which no other user on the home network can access.



The (WLAN) credentials for this subnet are known only to you. The second area, on the other hand, is reserved for guests, friends, acquaintances or the entire family. This general access runs via a separate WLAN SSID with a separate WPA2 password. Both the devices in the general zone and the devices in your private zone continue to access the Internet via your modem router. However, no device from the general zone should be allowed access to your private zone.


In the following, we present two different solutions with which you can implement such zoning in the home network. The first solution is already integrated as a guest WLAN function in most reasonably modern WLAN routers. For the second solution, you need a total of two routers, which are connected as a cascade.


For several years now, many network manufacturers have been equipping their WLAN routers with a guest WLAN function. In AVM's Fritzbox routers the option was already introduced with the first 802.11n router. As soon as you activate the guest WLAN, the access point in the router broadcasts an additional WLAN network with its own SSID alongside the main SSID.


Important: In the basic settings the guest WLAN is completely separated from the clients in the private WLAN as well as from all LAN clients at the router. The separation between the private (W)LAN and the guest WLAN is sometimes implemented via separate network addresses; sometimes the guest WLAN clients are also separated virtually. Most routers also offer a setting that removes the separation of the guest WLAN completely. This setting, questionable at first glance, does make sense: you can, for example, temporarily give a guest access to your media server in the private LAN without having to hand over your password for the private WLAN. Afterwards, simply separate the two networks again.


Also practical: Some WLAN routers, like the Fritzbox, offer additional filter options for Internet access in the guest WLAN. For example, you can allow your guests only to surf or send mail. In the Fritzbox menu under Internet / Filter / Gastnetz, you can filter the pages that are called up using the BPjM module, or you can adjust restrictions on the guest access individually by service.


A router cascade is the chaining of two (or more) routers. With a router cascade, too, you can split your home network into two separate areas. However, this split works somewhat differently here than with the guest network. The guest network is completely separated from the rest of the home network, meaning that you cannot get from the guest network to the home network or from the home network to the guest network.


2. WLAN guest access via router cascade


This is different for a router cascade: Here you connect a second router behind the home network router or main router; this second router is referred to below as the secondary router. The main router continues to connect to the Internet. The secondary router, however, sees the private network of the main router as the Internet.


What effect does such a router cascade have on the connected clients? As with the guest network solution, each client, whether connected to the main or the secondary router, still has access to the Internet. The differences: All clients that are connected to the secondary router can also access clients of the main router, since in its basic settings the secondary router allows all outgoing connections, including those into the network of the main router. So from a PC on the secondary router you can access a NAS that is attached to the main router. However, this does not work the other way round. If you try to access a NAS that is attached to the secondary router from a PC on the main router, this external connection attempt is blocked by the firewall of the secondary router.



Without a WAN port, it won't work


For this reason, the router cascade is particularly suitable for protecting an office area at home (home office), for example from your own, mostly younger, family members, roommates and so on. Another advantage of the cascade: potential attackers from the Internet have to hack not just one but two routers to get at the data on your NAS.


The secondary router is connected to any LAN port on the main router through its Wide Area Network (WAN) port. The WAN port on a router is usually used to connect to the DSL or cable modem. You can use any router that has such a WAN port for your cascade. Routers with an integrated DSL or cable modem, which are also called modem routers or gateways, can only be used as a secondary router if the internal modem can be deactivated. With a Fritzbox from AVM, which as a rule has an integrated modem, the LAN-1 port can, for example, be reconfigured as the WAN port. This change takes place automatically as soon as you select the option Existing access via LAN in the user interface under Internet / Access data.


Also, make sure that the (LAN cable) connection between the main and secondary routers is not too short. Ideally the secondary router is located in a lockable room (office).


Configuration required


Router cascade: Configure secondary router


However, the router cascade does not work yet if you only connect the two routers by LAN cable. You usually also have to configure the WAN interface of the secondary router. The following workshop describes how to do this:


Perform the following settings before (!) you connect the secondary router to the main router through its WAN port.


1. Web Interface Secondary Router


Connect your notebook to a LAN port on the secondary router using an Ethernet cable and open the router's user interface.


2. Set external IP address


Set the external or Internet IP address of the secondary router. This is necessary for your secondary router to become part of the private or internal network that is spanned by the main router. To do so, switch to the Internet, Internet connection or Internet device area of the secondary router. If necessary, search for the keywords Static IP or PPPoE in the online help or the manual of the router. Under the Internet Connection Type setting, select Static IP. Right underneath you have to enter some network data. As the Internet IP address or IP address of the Internet provider, enter the internal IP address of your main router, but replace the number 1 in the fourth address block with another number, for example 2 or 10. As the subnet mask, assign 255.255.255.0, as always in the home network.


3. Default gateway address


As the (default) gateway address and as the first DNS server address (DNS1), enter the complete internal IP address of your main router, including the 1 in the fourth numeric block. For example, if your main router has the network IP address 192.168.178.1, enter 192.168.178.2 as the static Internet or external IP address for your secondary router. As the subnet mask you assign 255.255.255.0, and as the (default) gateway address and also as the primary DNS address 192.168.178.1.


4. Check internal IP address


Also note that the internal IP of the secondary router must differ from the internal IP of the main router in the third block of numbers. For example, if your main router has an internal IP address of 192.168.178.1, then your secondary router should not set up its internal network with 192.168.178.1, but with 192.168.0.1 or 192.168.12.1, for example. You can insert any number between 0 and 255 into the third number block, except the number already used in the third block of the main router.


Then connect the two routers by cable. Plug one end of the Ethernet cable into a LAN port on the main router, the other end into the WAN or Internet port on the secondary router. All devices that you connect to the secondary router from now on are located in their own network and cannot be reached from the main network. Access from your office network PC to a device in the network of the main router, however, already works.
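
The address plan from steps 2 to 4 can be checked before the cable is plugged in. The following Python sketch is an added example, not part of the original article; the function name check_cascade and its parameters are assumptions chosen for illustration, and the sample addresses are the ones used in the text.

```python
import ipaddress

def check_cascade(main_lan_ip, sec_wan_ip, sec_gateway, sec_dns1, sec_lan_ip,
                  mask="255.255.255.0"):
    """Return a list of problems in a two-router cascade address plan.

    Hypothetical helper: every argument is a value you would type into
    the secondary router's web interface (or read off the main router).
    """
    main_if = ipaddress.ip_interface(f"{main_lan_ip}/{mask}")
    wan_if = ipaddress.ip_interface(f"{sec_wan_ip}/{mask}")
    lan_if = ipaddress.ip_interface(f"{sec_lan_ip}/{mask}")
    net = main_if.network
    problems = []

    # Step 2: the static WAN address must be a free host address
    # inside the main router's private network.
    if wan_if.network != net:
        problems.append("WAN IP is outside the main router's network")
    elif wan_if.ip == main_if.ip:
        problems.append("WAN IP collides with the main router")
    elif wan_if.ip in (net.network_address, net.broadcast_address):
        problems.append("WAN IP is the network or broadcast address")

    # Step 3: default gateway and DNS1 both point at the main router.
    for label, value in (("gateway", sec_gateway), ("DNS1", sec_dns1)):
        if ipaddress.ip_address(value) != main_if.ip:
            problems.append(f"{label} must be {main_if.ip}")

    # Step 4: the secondary router's own LAN must be a different
    # network, otherwise it cannot route between its two sides.
    if lan_if.network.overlaps(net):
        problems.append("secondary LAN overlaps the main router's network")
    return problems

if __name__ == "__main__":
    # Plan from the article: main router 192.168.178.1, secondary WAN .2
    print(check_cascade("192.168.178.1", "192.168.178.2",
                        "192.168.178.1", "192.168.178.1", "192.168.0.1"))
    # Constructed faulty plan: same third block on both sides
    print(check_cascade("192.168.178.1", "192.168.178.2",
                        "192.168.178.1", "192.168.178.1", "192.168.178.50"))
```

The check does not know the main router's DHCP pool; a static WAN address inside that pool can still collide with an address the main router leases to another client.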
