IP Addressing - Same offices, sub company

Concept_Wes
Hi,

We have an office which has an SBS 2008 box which assigns addresses in the 192.168.42.x range to wired clients.

The directors have decided to lease an empty office out to generate revenue and promised internet access for the sub company part owned by the director. They will connect using the wired point in their room routed down to our switch and ADSL router.

Is it possible to give them an IP address which would enable only internet access and not access to the server? My knowledge of IP addressing is very minimal.

Kind Regards

Wesley

Author

Commented:
By the way, it is only one laptop connecting to the network using XP.

You can split the DHCP range into two separate subnets, such as 192.168.42.0/25 and 192.168.42.128/25.  That would give each company a pool of 126 IP addresses.  Then use ACLs to restrict the sub-company to allow access only to the Internet.

Given that the sub-company is so small, you can also use IP address ranges in your DHCP configuration, but that gets a bit more complicated.  For example, assign 192.168.42.10 - 192.168.42.239 to your company and 192.168.42.241 - 192.168.42.254 to the sub-company.  This would make the ACLs a bit more cumbersome to write, though.

Do you have a separate router at the location, or does the DSL modem plug directly into the switch?  If you have a router that you can manage, you can set up a new network for the other office and keep its traffic completely separate from your network.  Let us know which model and we'll help you set it up.

Without a router, you'll have to allow at least some access to your network in order to get them online.

Author

Commented:
eleibowitz: Please could you let me know how the subnets work - my server is 239, router is 1, network hardware 10 to 25, printers are 190 to 200 and the clients are allowed 50 to 149. Does the subnet mask come into play? I can always statically assign the IP address or do it through the DHCP on the server using the MAC address.

jimmyray7: I have full control of the ADSL firewall/router (Draytek 2820) which plugs straight into the switch.
There is no really quick answer to how subnets work, so here are a couple of good explanations of subnets.  It is worth giving these a good read, slowly enough to absorb it, and perhaps getting out your pencil to play with some examples.  It may take a bit of time but it is knowledge that will serve you well for your whole networking career.

http://en.wikipedia.org/wiki/Subnetwork
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml (skip the appendix).
Commented:
What I would do is to use the DMZ port on your router. Assign that DMZ port an IP outside your network subnet (e.g. 192.168.51.1) and set the router to be the DNS & DHCP server for that port & the new subnet - with a DHCP IP range within the new subnet (e.g. 192.168.51.50 - 192.168.51.100).

The default route for internet access should be set up automatically by the router; you will just need to check for the isolation from your network.  If you can ping your server from the DMZ port, you will need to set up a rule to block all access from the DMZ port to the 192.168.42.0 subnet.

You will have to check and see if your router supports DHCP to one port, and the "port to port" rules. I have used this up in a SonicWall, but I don't know about Draytek.

You could also purchase a small home router (Linksys, Belkin or ??) and plug the home router's WAN port into one of your Draytek router's LAN ports and the LAN side of your home router goes to your new office.  Let the home router do DHCP & DNS on the LAN side, and on the WAN side - a DHCP client to the Draytek.  
You may have to set up a rule for no access from the new subnet (determined by the DHCP of the new router) to your network/server subnet.

Either one should work as long as the Draytek supports the rules - it should.  Let us know.
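
Added example, not written by any of the posters above: a Python check of the addressing proposals in this thread against the addresses the asker listed. It assumes a /24 mask on 192.168.42.x and on the suggested 192.168.51.x network (the thread does not state either mask), and the function names are illustrative.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.42.0/24")  # assumed /24 mask
# Addresses the asker listed for the existing office.
HOSTS = {
    "router": "192.168.42.1",
    "network hardware (first)": "192.168.42.10",
    "clients (first)": "192.168.42.50",
    "clients (last)": "192.168.42.149",
    "printers (first)": "192.168.42.190",
    "server": "192.168.42.239",
}

def place_hosts(network, new_prefix, hosts):
    """Return the subnet each host falls into when `network` is split."""
    subnets = list(network.subnets(new_prefix=new_prefix))
    placement = {}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        placement[name] = next(str(s) for s in subnets if ip in s)
    return placement

def usable_hosts(cidr):
    """Host addresses left after removing network and broadcast addresses."""
    return ipaddress.ip_network(cidr).num_addresses - 2

def cidr_blocks(first, last):
    """CIDR blocks an ACL needs to cover an arbitrary first-last range."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def isolated(a, b):
    """True when two networks share no addresses."""
    return not ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

if __name__ == "__main__":
    # /25 split: the router and server land in different halves and the
    # existing client pool (50-149) straddles the boundary at .128.
    for name, subnet in place_hosts(LAN, 25, HOSTS).items():
        print(f"{name:26} -> {subnet}")
    print("usable per /25:", usable_hosts("192.168.42.0/25"))
    # Range-based split: neither range is a single CIDR block.
    print("sub-company:", cidr_blocks("192.168.42.241", "192.168.42.254"))
    print("main office:", cidr_blocks("192.168.42.10", "192.168.42.239"))
    # Separate DMZ network (assumed /24) does not overlap the office LAN.
    print("DMZ isolated:", isolated("192.168.51.0/24", str(LAN)))
```

The output shows why the existing layout would need renumbering before a /25 split, and why a separate 192.168.51.x network needs only one block rule toward 192.168.42.0/24.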
