caaron
asked on
Divide Verizon FIOS network into separate subnets?
Here is the scenario: A crisis intervention center that has a homeless shelter for its residents and an internal network of business-related computers. Broadband comes in via Verizon FIOS through a ZyXel Prestige 861H-G1G2 modem that converts the FIOS phone signal to ethernet an then feeds an ActionTek Router which feeds the business systems.. My goal is to create two completely different networks--one for confidential internal use and another for use by the residents. My original plan was to put a switch between the ZyXel Modem and the ActionTec router and run another router off of that switch, but for some reason, even when I try connecting directly to the ZyXel I cannot get out to the internet. I can only get there via the ActionTek router (192.168.1.1). I tried connecting a second router (192.168.2.1) to the ActionTek Router but I was able to cross back over and access the business systems that way, which I want to protect from that router.
I'm looking for ideas as to the most efficient way to create these two subnets.
Chuck
I'm looking for ideas as to the most efficient way to create these two subnets.
Chuck
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I can get you started, but you'll need to consult a manual or the help pages.
To add a VLAN:
go to the 'Network Connections' page
select 'Advanced'
click on the 'Edit' button for Ethernet
From there, you'll be able to select a specific LAN port and assign it to a different VLAN.
In order to restrict traffic between the VLANs, go to the 'Firewall Settings' section.
To add a VLAN:
go to the 'Network Connections' page
select 'Advanced'
click on the 'Edit' button for Ethernet
From there, you'll be able to select a specific LAN port and assign it to a different VLAN.
In order to restrict traffic between the VLANs, go to the 'Firewall Settings' section.
ASKER
I spent most of today fighting with the Actiontec modem. I was able to get a VLAN set up with it but I couldn't make it work. Finally the router froze up and stopped responding, bringing down the whole network. I contacted Verizon and they are bringing in a new modem tomorrow. I was able to get the network up and running temporarily with another router I have. I don't think using VLANs in the Actiontec is workable for me. Is there another way I can set it up using separate hardware?
I have heard that navigating around the ActionTek configuration menu is pain in the a..
Realistically, you could use any VLAN-capable router.
Realistically, you could use any VLAN-capable router.
ASKER
I did write to Actiontec and got this as part of their response:
I also can include this walk through our engineers wrote.
Creating a VLAN using the BHR (4.0.16.1.15.2.9)
1. Creating a VLAN
a. Select Network Connections/Advanced Connection/VLAN Interface
b. Make the Underlying Device the LAN Bridge
c. The VLAN ID can be any number from 1-4094, this will be the VLAN PVID
2. Changing the IP Subnet
a. Select the VLAN/Settings/Internet Protocol/Use the Following IP Address
b. An example would be: 10.0.0.1 / 255.255.255.0
c. Under DNS Server enter the Primary and Secondary servers
d. From IP Address Distribution select DHCP Server
e. The range would be 10.0.0.2-254 / 255.255.255.0
3. Configuring the VLAN on the Switch
a. Select Network Connections/Advanced/LAN Hardware Ethernet Switch/Settings
b. From 4 Port Ethernet Switch select Show
c. Assign the VLAN PVID number to the port desired (0-3)
i. Select Action for Port 0
ii. From Ingress select Tagged (Add VLAN Header)
iii. Leave the Egress set to Untagged
d. Be sure to connect the Ethernet cable to the port assigned the VLAN PVID
e. Your NIC should get an appropriate IP, like 10.0.0.2
f. Test by PINGing other addresses connected to the BHR
4. Advanced Filtering (Blocking the VLAN from the LAN)
a. Select Security/Advanced Filtering
b. Under Incoming Packets find the VLAN
c. Make a New Entry, Under Matching select Source IP Address as ANY
d. For the Destination Address select Specify Address and click Add
e. Name the rule and click New Entry
f. Select IP Subnet to define the subnet you want to block
i. This will be (the LAN), 192.168.1.0 / 255.255.255.0
g. Repeat for the Outgoing Packets
5. Test
a. You should no longer be able to PING between the 2 networks
I'll give it a try this week, but I'm really way over my head with this stuff...
Chuck
I also can include this walk through our engineers wrote.
Creating a VLAN using the BHR (4.0.16.1.15.2.9)
1. Creating a VLAN
a. Select Network Connections/Advanced Connection/VLAN Interface
b. Make the Underlying Device the LAN Bridge
c. The VLAN ID can be any number from 1-4094, this will be the VLAN PVID
2. Changing the IP Subnet
a. Select the VLAN/Settings/Internet Protocol/Use the Following IP Address
b. An example would be: 10.0.0.1 / 255.255.255.0
c. Under DNS Server enter the Primary and Secondary servers
d. From IP Address Distribution select DHCP Server
e. The range would be 10.0.0.2-254 / 255.255.255.0
3. Configuring the VLAN on the Switch
a. Select Network Connections/Advanced/LAN Hardware Ethernet Switch/Settings
b. From 4 Port Ethernet Switch select Show
c. Assign the VLAN PVID number to the port desired (0-3)
i. Select Action for Port 0
ii. From Ingress select Tagged (Add VLAN Header)
iii. Leave the Egress set to Untagged
d. Be sure to connect the Ethernet cable to the port assigned the VLAN PVID
e. Your NIC should get an appropriate IP, like 10.0.0.2
f. Test by PINGing other addresses connected to the BHR
4. Advanced Filtering (Blocking the VLAN from the LAN)
a. Select Security/Advanced Filtering
b. Under Incoming Packets find the VLAN
c. Make a New Entry, Under Matching select Source IP Address as ANY
d. For the Destination Address select Specify Address and click Add
e. Name the rule and click New Entry
f. Select IP Subnet to define the subnet you want to block
i. This will be (the LAN), 192.168.1.0 / 255.255.255.0
g. Repeat for the Outgoing Packets
5. Test
a. You should no longer be able to PING between the 2 networks
I'll give it a try this week, but I'm really way over my head with this stuff...
Chuck
ASKER
Setting up Vlans on the Actiontec router did not work for me. It was too complex and Verizon's implementation of this router differed from the Actiontec procedures. I ended up resolving the problem by setting the Actiontec to 192.168.0.1 and running a line to a separate router at 192.168.1.1 for the internal wired network. This prevents the wireless network (and associated access points) from getting into the wired network.
Chuck
Chuck
I know this has been closed for a while but I am going to be setting up an identical thing very soon. I was wondering, in your solution, you say you ran another line to the separate router. I'm assuming you mean you ran a crossover from the Actiontec to the other router, correct? And DHCP is left enabled on both routers, I assume?
ASKER
Chuck