-1

My company's network contains various LAN workstations and Servers, controlled by a Smoothwall firewall/gateway.

Currently the Smoothwall routes outbound traffic automatically to an ADSL modem (it can't have a new network card sadly, so can't load balance). Incoming traffic is routed, and must remain routed, through the ADSL connection to various servers.

We want to get a Virgin Fibre Broadband line and for users to be able to use this connection, if they wish, whilst also being able to use the current ADSL connection.

I know I can turn off DHCP on the new router and configure workstations, manually, to use this gateway. I have done this before. However, people will be coming in and out of the business (guests and employees) who will use the wireless connection (phones/tablets/laptops included) and they don't want to (and sometimes can't) change their IP settings constantly, on devices where it might not be very easy.

What I want is for users on a wireless connection (new is fine) to default to using the new gateway/router, without impacting the existing, complex (somewhat precarious) structure, and for wired users to be able to use the new gateway/router (with manual configuration I suppose) or the existing/default gateway/router (Smoothwall box).

I can't make any changes to this Smoothwall box, or servers, including replacing them.

I can make any changes to workstations and insert additional devices (wireless access points/routers etc).

I wasn't sure if I could create a second network, somehow, that can route outbound traffic through the second line, while also being accessible by the existing network (manual configuration).

Basically, I can add to the structure, but I cannot take away.

Dom
  • 2
    You are unable to perform the necessary modifications to your network to make this happen. You'll need to take this up with whomever has control of those devices. – EEAA Sep 29 '14 at 17:11

2 Answers

1

I'm assuming you currently have all your devices in a single segment (everything connected to a switch) and that the switch/firewall/gateway devices related to the servers should remain unchanged.

With that in mind, you can add a new router with 3 interfaces:

  • int0 - connected to the old switch that has the servers and ADSL gateway
  • int1 - connected to the new switch for the office wired network
  • int2 - the wireless network

The reason for segregating the old network to a separate segment is to avoid broadcast (like DHCP requests) from reaching the office workstations. You can leave DHCP enabled in the Smoothwall device and it won't interfere with the DHCP server in the wireless/office network.

You can also have the new router with only 2 interfaces and have a separate Access Point connected to the office switch for wireless users.

Giovanni Tirloni
1

What I do in a similar scenario relies heavily on 802.1q (vLANs) and requires a lot more configuration, although it does depend on whether you have smart / managed switches.

To modify your existing infrastructure - Modify your switch with multiple vLANs (old network / new network / guest network etc.) and connect the new WAN to the new vLAN.

However the way I would recommend is (very brief) -

  1. New firewall/router with multiple interfaces, one for each network, or even trunk the connections.
  2. Add the dual WAN connections load balanced as external connections with QoS to your liking.
  3. Set up either a single DHCP server with DHCP relaying between the different vLANs.
  4. Depending on the access point, have multiple SSIDs trunked (802.1q) to the switch broadcasting each vLAN.

To take it one step further and to increase security - install a RADIUS server somewhere and implement WPA2 Enterprise for increased security and greater control on who has access to the wireless infrastructure.

A huge benefit of this is it keeps guest access out of your corporate private network.

I've implemented this setup in multiple companies and it works very well.

Rhys Evans
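
The segmentation both answers describe (a new router between the old LAN, the office wired network and the wireless network, with guests kept out of the internal segments) can be written as a forwarding policy. This is an added example, not configuration from either answer: it assumes the new router runs Linux with nftables, reuses the int0/int1/int2 names from the first answer, and introduces a hypothetical `wan0` for the fibre uplink.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the original answers). Assumptions: Linux router,
# nftables, interface names int0/int1/int2 as in the first answer, and a
# hypothetical wan0 interface for the new fibre line.

flush ruleset

define OLD_LAN = "int0"   # existing switch: Smoothwall, servers, ADSL path
define OFFICE  = "int1"   # new switch for the office wired network
define WIFI    = "int2"   # wireless network (guests and staff devices)
define FIBRE   = "wan0"   # assumed name for the fibre uplink

table inet filter {
    chain forward {
        # Default deny between segments; every allowed path is listed below.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Wired and wireless clients reach the internet over the fibre line.
        iifname { $OFFICE, $WIFI } oifname $FIBRE accept

        # Office wired workstations may reach the servers on the old LAN.
        iifname $OFFICE oifname $OLD_LAN accept

        # Wireless clients never reach the old LAN or the office segment.
        # Counted and logged so attempts show up in the router's logs.
        iifname $WIFI oifname { $OLD_LAN, $OFFICE } counter log prefix "wifi-to-internal " drop

        # Nothing is initiated from the old LAN into the new segments;
        # only replies to tracked connections pass (first rule above).
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Source NAT towards the internet, and also towards the old LAN:
        # the Smoothwall and servers cannot be given a route back to the
        # new subnets, so they must see the router's own int0 address.
        oifname { $FIBRE, $OLD_LAN } masquerade
    }
}
```

Because the Smoothwall still answers DHCP on the old segment, the router's int0 address should be set statically outside that DHCP pool; the ruleset can be syntax-checked without loading it using `nft -c -f <file>`.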