Solved

Enlighten me how to create a bridge between two networks

Posted on 2010-11-25
Last Modified: 2013-11-05
How do I separate my wired desktop from my wireless laptop? My desktop is Windows 7 Professional and my laptop is Windows Vista Home Premium.
My modem is the DHCP server, a Motorola WIMAX CPEI 25725, and my wireless router is a Netgear WNR3500L (static IP). What is the most secure way or best way to accomplish this? The desktop has a static IP and the laptop has a static IP.
0
Question by:Freemybytes
11 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 34215206
You need the capability on the routers you have to segment i.e.

With your existing equipment I do not believe it is possible.

You need to have one IP range allocated via DHCP to the wired while different IP range for the WIFI clients.

Any system behind the Netgear will be able to access any system behind the Motorola Wimax no matter the IP.

If you are willing to install WRT on the router, you would be closer to getting what you want since you can VLAN the wifi and the individual Wired Ports.

I.e. you would define an individual DHCP server for each VLAN. Not sure whether it will prevent the access across VLANs. But it will require the user on one segment to know the IPs of the other in order to even try to access those resources.
0
 

Author Comment

by:Freemybytes
ID: 34219355
Let me try to understand what you are saying: with the equipment that I presently have, I am not going to be able to separate the wired from the wireless. Then would adding a wireless WRT access point do any good? I must confess WRT would be new to me. I have a couple of older routers lying around that I am not using, a Trendnet wireless router and a WRT54G wireless router. Could I possibly put WRT on one of them and add it as an access point, or am I way off in understanding what you're saying? Plus, do I use DHCP for both segments?
0
 
LVL 76

Expert Comment

by:arnold
ID: 34220705
Depending on the version of the wrt54g, you could put WRT on it.
Sorry, did not include the link http://www.dd-wrt.com
http://dd-wrt.com/site/support/router-database
provides a way to see whether the router/routers you have are supported.

The other option you have is to have each router

                            Netgear Wifi - LAN 192.168.15.0/24
                          /
Internet - Motorola WIMAX
                          \
                            Different Router (linksys/trendnet) - LAN 192.168.20.0/24 Wired

Make sure the Motorola WIMAX LAN side is neither 192.168.15.0/24 nor 192.168.20.0/24.

The systems on 192.168.15.0/24 will be able to access the Internet but will not be able to access the 192.168.20.0/24 systems because the different router's firewall will prevent the access. You would need to open ports on the firewall if you want those systems to access a specific resource on the other network.
0
 

Author Comment

by:Freemybytes
ID: 34326623
I think I will get a Buffalo access point that comes pre-installed with DD-WRT on it. I guess I will receive it in about three days, then try it out.
0
 

Author Comment

by:Freemybytes
ID: 34544494
Okay, I am sorry I took so long, but I decided to flash my new WNR3500L wireless router with
DD-WRT firmware version V24-SP2 8/7/10 STD-USB-FTP. It was successful. I did see some
VLAN settings in the new interface, but I am unsure on the configuration and about defining
each DHCP server. If this is the most secure way then that's what I want to do.
0
LVL 76

Expert Comment

by:arnold
ID: 34545987
OK, you take each of the LAN side outputs on the 3500 and associate it with a different VLAN, you then connect that to a switch that will only serve that VLAN. You configure the per interface DHCP server to allocate the IPs you want. Not sure if you have a DHCP server on a Windows server whether you can configure a DHCP relay agent on the 3500 instead.
If you can configure a DHCP relay agent.
http://dd-wrt.ca/phpBB2/viewtopic.php?p=9109&sid=1247fa11a23169b33937db106880695b
A comment from klaasb01 has a reference to adding a directive to forward the requests,
"if vlan2 true false true", to /tmp/dhcp-fwd/dhcp-fwd.conf and restart it.
Then you would need to configure/add the scope for this segment to the DHCP server.
Note that you have to have each VLAN connected to a separate switch unless you have a level 2 switch on which you can TAG ports as being one VLAN versus another.
0
 

Author Comment

by:Freemybytes
ID: 34615359
I don't have a Windows 2003 DHCP server. On the 3500 the basic setup tab has options
for DHCP server and DHCP forwarder. I looked at the schema using your link; I noticed
he has two routers trunked. Now I do have the Buffalo wireless N150 router and access
point with DD-WRT on it, but do I still have to have two switches for each VLAN? Maybe
I am just not understanding the topology; the two switches are throwing me off. I also
don't have a layer two switch. The 3500 also has the following VLAN settings: VLAN Tagging,
Create Bridge, Assign Bridge and Multiple DHCP Server. Bear with me, the configuration is
new to me.
0
 
LVL 76

Expert Comment

by:arnold
ID: 34617188

I think DD-wrt provides VLAN such that the wired devices are separated from the wireless ones.
I.e. a system connected via the wireless will not be able to connect to the wired devices.

Do you want the wireless side to be able to access any wired resource?
If not, the dd-wrt enabled wireless should be enough to separate the two.

In your current layout anything connected to the netgear will be able to access any resource that is directly connected to the motorola modem.
Anything that is connected to the Motorola modem cannot access the devices behind the netgear unless you configure port forwarding on the netgear for particular resources/services or DMZ the device.

If you do not have a smart switch, you need two switches since the connection of the device into a switch will determine to which VLAN this device has access.

i.e. door1 is vlan1 and door2 is vlan2.
A regular retail/unmanaged switch does not distinguish nor has a way to differentiate VLANs.
VLAN tagging has to then be setup on the networking interface of each system to identify to which VLAN it belongs. This way a packet tagged differently will be ignored by the networking interface. The tagging involves having to go to each system and configure its networking interface to be associated with a specific VLAN through VLAN tagging.
The use of the two switches eliminates that need such that the switch into which you connect the device will determine which VLAN it is on and the filtering of packets, i.e. VLAN1 packets will not be seen on the VLAN2 switch since the router will not rebroadcast them across the VLAN boundary.
 
0
 

Author Comment

by:Freemybytes
ID: 34673700
I don't want the wireless to access any wired resources and I don't want the wired to access
any of the wireless resources. Two teenagers with wireless laptops, it is already a security problem.
If the DD-WRT alone can do the above job then I can go with that; if not, then I will have to go with the
two-switch approach. I think I understand the concept of differentiating VLANs from each other, but
the topology is fuzzy. I am thinking the modem to the DD-WRT 3500L wireless router, but where do
the two switches come into the topology? You will have to continue to bear with me, this is a totally
new configuration to me.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 34676801
The dd-wrt can set up VLAN on each port of the LAN side of the switch as well as the Wireless side.
If you only have one wired device, there is no need for additional switches. If you have multiple wired devices and you need more than the one VLAN for wireless and one wired, you would need to have the LAN port of the DD-wrt enabled router connect to a switch that will extend the same VLAN to all devices connected to this switch while the other switch will provide the other VLAN to all devices connected to this switch.

                                Wireless VLAN Segment
                              /
Internet <=>  dd-wrt 3500L  <=> Wired VLAN1 segment
                              \
                                Wired VLAN2 segment

You have four wired ports that you can assign to the different VLANs, i.e. you can have three wired devices on VLAN1 and one on VLAN2. If you exceed the number of available network ports for the wired devices, you would need a switch to extend the VLAN to the switch. If you are using a managed switch that supports VLAN, you could use it to VLAN; more likely you would have a residential/retail unmanaged switch, which means that once connected to a port on the 3500L the switch will be on the VLAN configuration of the network port to which it is connected.

Hope I have answered your question and provided clarification on the topology.
0
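
Added example, not part of the thread or of DD-WRT itself: whether two segments on the same router can reach each other comes down to the router's FORWARD rules, so this sketch generates the iptables rules that drop routed traffic between a wired and a wireless segment in both directions. The interface names br0 and br1 are assumptions, and the rules only take effect once the two segments sit on separate interfaces with separate subnets, because traffic inside a single bridge is switched and never reaches FORWARD.

```shell
#!/bin/sh
# Emit iptables rules that block routed traffic between two LAN segments
# in both directions. Interface names are assumptions: confirm the real
# ones on the router (for example with `ifconfig`) before using the output.

# Accept only plain interface names, so nothing unexpected ends up in a
# script that is later pasted into the router and run as root.
valid_if() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# isolation_rules IF_A IF_B
# Prints one DROP rule per direction on stdout; returns 2 on bad input.
isolation_rules() {
    if [ "$#" -ne 2 ]; then
        echo "usage: isolation_rules IF_A IF_B" >&2
        return 2
    fi
    if ! valid_if "$1" || ! valid_if "$2"; then
        echo "bad interface name" >&2
        return 2
    fi
    # Same interface on both sides means the hosts share a bridge: that
    # traffic is switched, not routed, and FORWARD rules cannot stop it.
    if [ "$1" = "$2" ]; then
        echo "segments must be on different interfaces" >&2
        return 2
    fi
    # -I inserts at the top of FORWARD so the DROP is evaluated before
    # any broader ACCEPT rule the firmware installed.
    echo "iptables -I FORWARD -i $1 -o $2 -j DROP"
    echo "iptables -I FORWARD -i $2 -o $1 -j DROP"
}

# Constructed sample: br0 = wired segment, br1 = wireless segment.
isolation_rules br0 br1
```

The generated lines are meant for the router's firewall script; after applying them, a ping from a wireless client to a wired address (and the reverse) should time out while Internet access from both segments keeps working.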
 

Author Comment

by:Freemybytes
ID: 34884413
I tried the DD-WRT forum for the actual configuration. I had a rocky time but got it to work. After all that, my neighbor gave me a PIX 506 and a 2950 twelve-port switch; now I am hungry to try out these two new toys. Thanks, enjoy your points.
0
