Solved

One Router, one switch, three LAN - how can it not see each other

Posted on 2005-03-06
Last Modified: 2013-11-29
I use a D-Link 504G and a 16-port Edimax switch. I'm trying to connect up three companies on the same switch and router. Each of these companies has their existing LAN.
The computers they use are Windows XP - Home Edition and Professional, Windows 98.
I turned the DHCP server in the router off, so that I can assign each company's computers separate IP addresses.
Company A - 192.168.0.1/16
Company B - 192.168.1.1/16
Company C - 192.168.2.1/16
Default Gateway - 10.1.1.1 (router gateway)
Theoretically it should not see each other. But it did!
All those computers have no problem using broadband internet via the router. They can see each other, even those that are in a different workgroup.
How do I stop them from seeing other computers in the different workgroup?
0
Question by:skykissme
8 Comments
 
LVL 5

Expert Comment

by:Genexen
ID: 13474279
The security-wise answer would be to use a switch that supports VLANs and a router that supports trunks/subinterfaces.

Assign each company a VLAN, and then assign each port to the appropriate VLAN. Trunk all three VLANs to the router. This way you can have multiple parties sharing the same equipment, but they will only be able to see within their own VLAN.

But in your arrangement you are using a /16 netmask, meaning all clients are on the same subnet (192.168 is the network, and everything else is host).  If you try using /24, you will prevent 192.168.1 from seeing 192.168.2  and 192.168.0, but you will most likely cut 2 of the 3 companies off from the default gateway.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13475315
>Theoretically it should not see each other. But it did!
Of course they do. With a /16 mask they are all in the same IP subnet.
If you use a /24 mask, they would be in different subnets and "some" traffic will be segregated, but unless your router supports multiple IPs on the LAN side, none of them will be able to see the router.
They are still all in the same broadcast domain and therefore still see each other. If any of the PCs have NetBEUI installed, there is no segregation at all.

As Genexen noted, the proper way to do this is with a VLAN capable switch, and a router that supports trunking.
0
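The subnet arithmetic behind the two comments above, as an added example that is not part of the original thread: it checks which company hosts treat each other as on-link, and which can reach a single router LAN address, under a /16 and a /24 mask. The host addresses are the ones from the question; the router LAN address `192.168.0.254` is an assumption, since the thread only establishes that the router has one LAN-side IP.

```python
import ipaddress
from itertools import combinations

# Addresses from the question. The router LAN address is hypothetical.
COMPANY_HOSTS = {"A": "192.168.0.1", "B": "192.168.1.1", "C": "192.168.2.1"}
ROUTER_LAN_IP = "192.168.0.254"  # assumption, not stated in the thread


def on_link(src_ip, prefix_len, dst_ip):
    """True if a host configured as src_ip/prefix_len treats dst_ip as local,
    i.e. it ARPs for dst_ip directly instead of sending to its gateway."""
    net = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    return ipaddress.ip_address(dst_ip) in net


def analyze(prefix_len, hosts=COMPANY_HOSTS, router=ROUTER_LAN_IP):
    """Return (company pairs sharing a subnet, companies with the router on-link)."""
    shared = [
        (a, b)
        for a, b in combinations(sorted(hosts), 2)
        if on_link(hosts[a], prefix_len, hosts[b])
        and on_link(hosts[b], prefix_len, hosts[a])
    ]
    reach = [c for c in sorted(hosts) if on_link(hosts[c], prefix_len, router)]
    return shared, reach


if __name__ == "__main__":
    for plen in (16, 24):
        shared, reach = analyze(plen)
        print(f"/{plen}: same-subnet pairs={shared} router on-link for={reach}")
    # This models IP (layer 3) only. Every port on an unmanaged switch is still
    # one broadcast domain, so broadcasts and non-IP protocols such as NetBEUI
    # cross between companies regardless of the mask.
```

With /16 every pair shares a subnet and all three reach the router; with /24 no pair does, and only the company whose /24 contains the router address keeps its gateway.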
 
LVL 6

Expert Comment

by:salvagbf
ID: 13476525
Or, correct me if I'm wrong, if you don't want to buy a VLAN capable switch, you could probably just pick up a cheap 1 port router like a Linksys BEFSR11 for each of the companies and put those into your D-Link. You'd still want to change your subnet mask as has been mentioned.
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 13476868
That's a good, inexpensive, solution that salvagbf has suggested...

Internet D-LINK
            |
          Switch
    |       |       |
    A       B       C
  Router   Rtr     Rtr
    |       |       |
   LAN     LAN     LAN

Each LAN can be the same IP subnet and the router can be the DHCP server.
The Router will NAT outgoing connections and each LAN will be protected from seeing each other.
0
 
LVL 11

Accepted Solution

by:
rafael_acc earned 1000 total points
ID: 13479395
Company A - 192.168.0.1/16
Company B - 192.168.1.1/16
Company C - 192.168.2.1/16

As you can see, a 16 bit mask defines the network id as being 192.168.0.0. Therefore, all your computers are actually in the same network ;). That's why they can see each other.

You should use something like:

Company A - 192.168.0.1/24
Company B - 192.168.1.1/24
Company C - 192.168.2.1/24

Additionally, you could also configure a VLAN for each separate company

Cheers
0
 

Author Comment

by:skykissme
ID: 13489612
Thank you for all the responses. Our clients don't want to spend more money on an extra router or switch or even have individual broadband internet. And my boss doesn't think it is necessary to go into VLAN configuration.

I've tried using a "24" subnet but the outcome is that I cannot see the gateway from the router. So they don't see each other, and only one company sees the router.

Anyway, thanks for all your help :) I'll give it another try later in the day. And will decide from that what to do next. For now I have to go to work!

Regards
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 13491196
What do you mean you can't see the gateway from the router? The gateway is the router! Are you trying to access a router from another one?

Cheers.
0
 

Author Comment

by:skykissme
ID: 13584760
Thanks for all your help. The solution came from our clients, who decided to have each company's own ADSL as soon as the usage invoice came out.
And we use a VPN switch to cut out all the existing problems.

Anyway, thank you so much for your responses.

0
