Lightsabre
asked on
RoadRunner > Broadband Router > Switch > Network Router: How can this work?
Greetings,
Our users are connected to the main network's router via a switch. We would like to give some people access to a Road Runner connection at the switch level. We want to have a broadband router plugged into the switch that controls traffic to the internet. Is this a good solution? Will the users be able to access the main network and the internet at the same time? If not, how can this happen?
Thanks,
LS
Our users are connected to the main network's router via a switch. We would like to give some people access to a Road Runner connection at the switch level. We want to have a broadband router plugged into the switch that controls traffic to the internet. Is this a good solution? Will the users be able to access the main network and the internet at the same time? If not, how can this happen?
Thanks,
LS
Fatal_Exception
That is the correct way to do this.. Beware though, that once you allow connections internally, that anyone with access to your network will be able to browse... If you are allowing users who are not members of your domain to access the internet through your connections, be sure to secure your servers.. In other words, your security permissions should be set for Authenticated users instead of the default 'Everyone' group...
ASKER
How do I setup a user to access the broadband router and stay on the internal network? Can I hide the broadband router from the main network to protect usage?
that depends... If you are running a Domain setup with W2K or better, then you can use GPO's to prohibit your clients from accessing the internet, if that is what you are referring to here...
Once you setup a user/client computer and patch them into the network, as long as they have an ip address in the subnet, they will be able to access any of the resources that you give them permission to access...
but to tell you the truth, I am not really sure what you are asking us... :)
FE
Once you setup a user/client computer and patch them into the network, as long as they have an ip address in the subnet, they will be able to access any of the resources that you give them permission to access...
but to tell you the truth, I am not really sure what you are asking us... :)
FE
ASKER
FE, I appreciate the continued help.
Let me give a bit more detail. We have two buildings in our company. Building A has the network servers and main router. Bldg A also maintains an internet router and firewall. Bldg B, across the street where I am, connects to bldg A's router via our switch. Our 50+ employees terminate at the switch to access email and internet from bldg A as well as our own file and application servers. We would like to setup our own internet connection that connects to our switch so our users can access it while keeping it hidden from bldg A.
How can this be done? We have road runner and a broadband router. How do I connect this router to our switch and enable our users to go through it for the roadrunner internet while still having access to our network, which includes our servers and bldg A's servers?
::Poor Man's Visio::
bldg A router <---> bldg B switch <---> bldg B users
^
|
|
v
Road Runner Router
Let me give a bit more detail. We have two buildings in our company. Building A has the network servers and main router. Bldg A also maintains an internet router and firewall. Bldg B, across the street where I am, connects to bldg A's router via our switch. Our 50+ employees terminate at the switch to access email and internet from bldg A as well as our own file and application servers. We would like to setup our own internet connection that connects to our switch so our users can access it while keeping it hidden from bldg A.
How can this be done? We have road runner and a broadband router. How do I connect this router to our switch and enable our users to go through it for the roadrunner internet while still having access to our network, which includes our servers and bldg A's servers?
::Poor Man's Visio::
bldg A router <---> bldg B switch <---> bldg B users
^
|
|
v
Road Runner Router
Okay, now I am getting the picture.. Much more complicated than I originally thought.. How you set this up will depend on your network (subnetting) structure...
Is your network segmented..?? In other words, are your buildings on two separate subnets..??
Where are your DC's located (servers you authenticate to when logging in).. and are they in the same subnet (your buildings Ip address scheme), or in Bldg A on the other side of the router..??
BTW: how are your 2 building connected (switch to router)..?? If these are 2 separate buildings, I hope they are connected with fiber. if it is copper, you might want to reconsider your infrastructure... Deviations in grounding cause potential differences (electrical) which can severely damage your hardware...
FE
Is your network segmented..?? In other words, are your buildings on two separate subnets..??
Where are your DC's located (servers you authenticate to when logging in).. and are they in the same subnet (your buildings Ip address scheme), or in Bldg A on the other side of the router..??
BTW: how are your 2 building connected (switch to router)..?? If these are 2 separate buildings, I hope they are connected with fiber. if it is copper, you might want to reconsider your infrastructure... Deviations in grounding cause potential differences (electrical) which can severely damage your hardware...
FE
ASKER
I've upped the points for this.
Bldg B connects to Bldg A through 10Mbps fiber. Should be 100, but I digress.
Bldg B has an NT File Server that Bldg B users authenticate with, but it's a workgroup, not a DC. I think it was setup this way because we're attached directly to Bldg A's network router via our switch. (We would probably have a DC if we had our own router, I digress again.) Bldg B users connect to Bldg A Email and Internet through the subnet off Bldg A's router. Bldg A users are on a different subnet and a different port, but on the same router. See below for more Poor Man's Visio:
bldg A users <--> bldg A router port 1
bldg A router port 2<--10mbps fiber--> bldg B switch <---> bldg B users
<---> bldg B file server
Bldg B connects to Bldg A through 10Mbps fiber. Should be 100, but I digress.
Bldg B has an NT File Server that Bldg B users authenticate with, but it's a workgroup, not a DC. I think it was setup this way because we're attached directly to Bldg A's network router via our switch. (We would probably have a DC if we had our own router, I digress again.) Bldg B users connect to Bldg A Email and Internet through the subnet off Bldg A's router. Bldg A users are on a different subnet and a different port, but on the same router. See below for more Poor Man's Visio:
bldg A users <--> bldg A router port 1
bldg A router port 2<--10mbps fiber--> bldg B switch <---> bldg B users
<---> bldg B file server
Okay.. will give this some thought but need to attend an end-of-week meeting with dept heads this morning.. Will take another look this afternoon when I get back...
FE
FE
ASKER
I set up static IPs in the router and added a second gateway to the router on the client. It works great in XP and bombs in win95/98. Still working on that. Any help would be appreciated!
Forgot all about this question. Understand that I have probably 100 of these opened at a time. :(
Assume you have added the second Gateway to your 98/95 boxes too...?
bldg A subnet <--> Router (Gateway 1)<-->10mbps fiber<-->bldg B Subnetted Switch<---> Users/File Servers
|
Router (Gateway 2)
|
Internet (RR Modem)
And you are using IP Address filtering on your Gateway 2..?? Are you using Wins and DNS on any internal Servers..? Or have you edited the host/LMHost file for server access..?
Assume you have added the second Gateway to your 98/95 boxes too...?
bldg A subnet <--> Router (Gateway 1)<-->10mbps fiber<-->bldg B Subnetted Switch<---> Users/File Servers
|
Router (Gateway 2)
|
Internet (RR Modem)
And you are using IP Address filtering on your Gateway 2..?? Are you using Wins and DNS on any internal Servers..? Or have you edited the host/LMHost file for server access..?
ASKER
FE,
Your diagram is correct. The GW1 is x.x.x.1 and GW is x.x.x.4. On the win98 mahcine I have .4 first then .1 and no go. However, this works fine on XP. Also, there is no address filter on the router (GW2). We are using DNS, but this is the same regardless of client OS. Would this cause a problem? Finally, we have NOT edited any hosts file. Since XP worked without this, we didn't do it on 98.
Thoughts? Thanks for the help!
LS
Your diagram is correct. The GW1 is x.x.x.1 and GW is x.x.x.4. On the win98 mahcine I have .4 first then .1 and no go. However, this works fine on XP. Also, there is no address filter on the router (GW2). We are using DNS, but this is the same regardless of client OS. Would this cause a problem? Finally, we have NOT edited any hosts file. Since XP worked without this, we didn't do it on 98.
Thoughts? Thanks for the help!
LS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question needs to be closed out, unless you have a reason to leave it open. If you would, please accept one of the experts comments, or split the points if more than one expert helped you. If you do not know how to do this, please go here for help:
How do I close a question?
https://www.experts-exchange.com/Community_Support/help.jsp#hi9
Closing Questions
https://www.experts-exchange.com/Community_Support/help.jsp#hs5
Thanks,
FE
How do I close a question?
https://www.experts-exchange.com/Community_Support/help.jsp#hi9
Closing Questions
https://www.experts-exchange.com/Community_Support/help.jsp#hs5
Thanks,
FE