So, the laptops "on the floor" are connecting to the open wireless router, and you want them to see printers connected to the private network? Is that correct? Without knowing what kind of routers you're talking about (Cisco or ??) and more about your existing network architecture, it's hard to recommend a particular solution. Here are a few ideas:

• Have the laptops on the public network connect back to the private using VPN
• Put the printers on the private network in a DMZ
• Forward/NAT traffic on the printing related ports (9100, 631, or whatever) from the public LAN through to the printers on the private LAN

posted by paulg at 1:53 PM on September 17, 2009

I think you would need to establish bridging between the wired and wireless (employee) network. In practical terms this most probably means that you will need to tell the wireless router to bridge into the existing wired network.

As an example this would disable any DHCP server giving out IPs in the wireless router, so that wireless devices would get their IP from the wired router and thus will be in the same network.
posted by oxit at 2:11 PM on September 17, 2009

Good grief. You do not want to bridge your _public_ wireless and _private_ wired networks.

You either want (a) a _private_ _wpa2_ secured wireless network (many access points can handle this) that the laptops need to explicitly log into or (b) the laptios are going to need to VPN in just as if they were coming in from the public internet.

You cannot trust any property of the laptop such as MAC address or whatnot as legitimate since they can be mimicked trivially.

Given good equipment, I would suggest (a), but I assume you have a solution for (b) anyway already in hand.

If you can state the vendors in question, I will attempt to give you a better answer.
posted by rr at 2:17 PM on September 17, 2009

(and by "handle this" I mean that a single access point can offer multiple networks to clients)
posted by rr at 2:26 PM on September 17, 2009

Are the 3 routers sharing the same internet connection?
posted by IanMorr at 2:28 PM on September 17, 2009

What oxit said - you want the "secured' wireless network to act as an AP and not a NAT/router - so whether you are plugged into the wall or on the secured wifi network, you are on the same network. That's the simplest solution.

* Make sure the wifi is secured properly with wpa2 and a good random key/password. WEP is not acceptable under any circumstances, and neither is wpa2 with a dictionary-based password.

* Many would recommend against this, depending on the level of security required - secured wireless is less secure than not having wireless.
posted by TravellingDen at 2:54 PM on September 17, 2009

You'd get more useful suggestions if you provided a network diagram showing your existing arrangements.
posted by flabdablet at 4:38 PM on September 17, 2009

Internet connection to router/firewall that splits network into the private net and the public net. Public net has its own access point, dhcp, etc. Private net has the same. Wireless on the private net is simply an access point, does not do any routing or NAT-ing or anything.
posted by gjc at 4:53 PM on September 17, 2009

oxit and rr are right on.

For bridging, there are commercial solutions, but the cheap-and-cheerful way to manage is to download Talisman or DD-WRT and throw it on a Linksys WRT54G or similar.
posted by nometa at 8:56 PM on September 17, 2009

How much money can you throw at it? It will be a big factor in your solution.

Could you guys afford an Aruba networks wireless solution? Nortel? Airwave?
posted by burhan at 10:26 AM on September 18, 2009

Good grief. You do not want to bridge your _public_ wireless and _private_ wired networks.

Yes, rr is right, you do not want this. Just to make sure: I suggested to bridge "between the wired and wireless (employee) network". No changes to the public wireless network required.
posted by oxit at 11:25 AM on September 20, 2009

This thread is closed to new comments.