We’ve gone over the risks of using a Wi-Fi network that is insecure. But what if you want to connect with devices and do so securely? This is usually the case when one wants to
1. Provide wireless internet to a group of users who cannot access a restricted part of your Local Area Network (LAN). This can be called public access wireless internet users (even though it may not permit the general public to access the LAN).
2. The restricted part of your LAN contains your NAS, some PCs, and other devices. The restricted part needs to exchange files among other devices on the restricted part but not with devices on the public access side.
Let’s assume that you want to do wireless access on the restricted side. There are two ways to do this that come to mind. Purchase a router that supports at least 2 LAN subnets via wireless access points. The Adtran Netvanta 3120 with their Netvanta 150 wireless access point will do this; a Motorola WS 2000 will also do this. Configure subnet # 1 for restricted users and give it a subnet like 192.168.10.0/24 (24 means 24 bit subnet mask of 255.255.255.0); configure subnet # 2 for public users ADN give it a subnet like 192.168.20.0/24. Use the MAC address of the restricted devices to permit these devices onto the 192.168.10.0/24 subnet which will automatically put these devices in the proper subnet. All other devices will be automatically sent to 192.168.20.0/24. With separate subnets the 2 groups are separated in their own virtual LANS or VLANS.
Have your existing router and wireless strongly secured including MAC address validation, WPA or WPA2 with strong pre-share key. Note the subnet you have with this router (probably 192.168.0.0 / 24 or 192.168.1.0 / 24; no need to change, just note it. Purchase a second wireless router and give it a different subnet, something like 192.168.20.0/24 and do not provide security on it.