Required INI settings
 
ListenOnIP=192.168.0.2
 
DNSServerIP=[put a real DNS server here]
 
RedirectIP=192.168.0.3
AuthKeywordsFile=authorized.txt
AlwaysKeywordsFile=always.txt
 
BlockedIP=192.168.0.2
BlockedKeywordsFile=blocked.txt
AllowedKeywordsFile=allowed.txt
 
   
Explanation
 
This implementation, with separate LANs for the wireless guest vs. internal network, is strongly suggested to keep wireless patrons entirely out of the internal/office network.
Another way to accomplish this is if your firewall allows for multiple inside interfaces; such as LAN1, LAN2, or LAN1, DMZ you can use this second inside interface for the guest network.  See Example 9.
 
The Windows server runs DNS Redirector and two sites in IIS, each bound to a unique IP address.
 
* Optionally, an all-in-one device like the Cisco RV220W or ZyXEL ZyWALL USG20W could be used.  This would cut the cost of the separate Firewall, Switch, and Wireless AP as shown.  The only special consideration is that you must be able to specify the DNS Redirector server IP as the sole DNS Server handed out by DHCP Properties.
See FAQ 24.  Alternatively, you could run DHCP service from the Windows Server, turning it off on the Firewall.
 

 
DNS Redirector | Legal Information | 2003-2017