dignified
asked on
VLAN, segmenting networks with IP pass through
I currently need to setup a segmented network where one network can use the internet normally but only one computer on the other network can use it.
I am thinking of getting a managed L2 switch and assigning 2 VLANs: 192.168.1.0/24 and 192.168.2.0/24
There is only one internet connection via DSL and the DSL router will assign IPs on the 192.168.1.0 subnet. I need the computer 192.168.2.10 to able to see the other computers on the 192.168.2.0 subnet AND be able to go out onto the internet.
How can i do this? At first I thought about using two IP addresses (one on each VLAN) on the 192.168.2.10 machine but I would rather not have to resort to that. Would I need a separate bridge?
I am thinking of getting a managed L2 switch and assigning 2 VLANs: 192.168.1.0/24 and 192.168.2.0/24
There is only one internet connection via DSL and the DSL router will assign IPs on the 192.168.1.0 subnet. I need the computer 192.168.2.10 to able to see the other computers on the 192.168.2.0 subnet AND be able to go out onto the internet.
How can i do this? At first I thought about using two IP addresses (one on each VLAN) on the 192.168.2.10 machine but I would rather not have to resort to that. Would I need a separate bridge?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it would be more simple to do so with a firewall machine that'll limit the specific machine's outgoing packets to the internet.
A $150 layer 3 switch!?!? What is it? From Ebay?
Sonicwall: http://www.sonicwall.com/products/pro2040.html
I agree with you about the Linux idea. :)
Sonicwall: http://www.sonicwall.com/products/pro2040.html
I agree with you about the Linux idea. :)
ASKER
craigslist, just down the street from me. It's this one, http://www.hp.com/rnd/products/switches/switch2524-2512/specs.htm The 2524. Actually now I'm not sure if it is is L2 or 3, maybe you guys can check on it for me please.
ASKER
I'll also say that I don't necessarily want just 2 segments to the network. I can see there going up to 8.
That's a layer 2 switch only.
"Low-cost. Layer 2 managed stackable"
"Low-cost. Layer 2 managed stackable"
Looks like the HP Procurve 2650 is Layer 3 capable - "Light layer 3 managed"
ASKER
Woops, you're right, I'll have to see what I can find for the best deal. I see this L3 switch http://www.newegg.com/Product/Product.asp?Item=N82E16833122078 Not too badly priced and its new.
"light" layer 3 probably means that it will route, but you can't put access-list rules in to restrict/allow specific hosts.
If you want the restrictions and the vlans then you may have to look at something more capable.
Take a look at Adtran 1524 series router/switch/firewall combo. Relative to a Cisco solution, these are pretty cheap.
If you want the restrictions and the vlans then you may have to look at something more capable.
Take a look at Adtran 1524 series router/switch/firewall combo. Relative to a Cisco solution, these are pretty cheap.
ASKER
I will also say, that I plan another VLAN which will run a VPN. This managed switch will go in a central warehouse and I have 6 stores around town. Each building has its own business dsl connection with 5 static IPs. I have a server in warehouse that the satellite stores need to be able to talk to. So I want a VPN linking all of these stores. Looks like the sonicwall will do this but it is really expensive. hmmm. I don't have this much money to spend, was hoping to find something for $400. I might have to end up using Linux afterall.
Yeah, with your added specs/plans - you really need a firewall. You're going to have to pay one way or another - time or money.
You can have it good, cheap, or fast. Pick 2.
You can have it good, cheap, or fast. Pick 2.
ASKER
This isn't actually my business, I'm contracting various computer work and my current job is to setup his large medium sized network. I have messed with firewall stuff in linux before, but not for a while. Anyone ever use ipcop.org? One thing I'd like to avoid is having to come back to reboot the linux box for free.
Take a look at the Linksys RV042 for the warehouse VPN, just plug it into one of the VLAN's.
I'm assuming that this warehouse will also have the VLAN's?
Agree with pseudocyber. You can't have everything you want without paying for it one way or another. Either you end up working many hours for free or you spend a little money and do it right the first time.
I'm assuming that this warehouse will also have the VLAN's?
Agree with pseudocyber. You can't have everything you want without paying for it one way or another. Either you end up working many hours for free or you spend a little money and do it right the first time.
ASKER
For the VPN I will first try Sveasoft, a third party firmware for the WRT54g. I will try to convince my client to get one of those Adtran 1524 routers. Anyone else have any suggestions as to a full-featured L3 switch?
ASKER
I'll look into sonicwall, can you recommend one that might work? otherwise I'll have to learn how to use a L3 router.