Solved

Enlighten me how to create a bridge between two networks

Posted on 2010-11-25
Last Modified: 2013-11-05
How do I separate my wired desktop from my wireless laptop? My desktop is Windows 7 Professional and my laptop is Windows Vista Home Premium.
My modem is the DHCP server, a Motorola WIMAX CPEI 25725, and my wireless router is a Netgear WNR3500L (static IP). What is the most secure way or best way to accomplish this? The desktop has a static IP and the laptop has a static IP.
Question by:Freemybytes
11 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 34215206
You need the capability on the routers you have to segment i.e.

With your existing equipment I do not believe it is possible.

You need to have one IP range allocated via DHCP to the wired while a different IP range for the WiFi clients.

Any system behind the Netgear will be able to access any system behind the Motorola Wimax no matter the IP.

If you are willing to install WRT on the router, you would be closer to getting what you want since you can VLAN the wifi and the individual Wired Ports.

I.e. you would define an individual DHCP server for each VLAN. Not sure whether it will prevent the access across VLANs. But it will require the user on one segment to know the IPs of the other in order to even try to access those resources.
0
 

Author Comment

by:Freemybytes
ID: 34219355
Let me try to understand what you are saying about the equipment that I presently have: I am not going to be able to separate the wired from the wireless. Then would adding a wireless WRT access point do any good? I must confess WRT would be new to me. I have a couple of older routers laying around that I am not using, a Trendnet wireless router and a WRT54G wireless router. Could I possibly put WRT on one of them and add it as an access point, or am I way off in understanding what you're saying? Plus, do I use DHCP for both segments?
0
 
LVL 78

Expert Comment

by:arnold
ID: 34220705
Depending on the version of the wrt54g, you could put WRT on it.
Sorry, did not include the link http://www.dd-wrt.com
http://dd-wrt.com/site/support/router-database
provides a way to see whether the router/routers you have are supported.

The other option you have is to have each router

                            Netgear Wifi - LAN 192.168.15.0/24
                          /
Internet - Motorola WIMAX
                          \
                            Different Router (linksys/trendnet) - LAN 192.168.20.0/24 Wired

Make sure the Motorola WIMAX LAN side is neither 192.168.15.0/24 nor 192.168.20.0/24.

The systems on 192.168.15.0/24 will be able to access the Internet but will not be able to access the systems on 192.168.20.0/24 because the different router's firewall will prevent the access. You would need to open ports on the firewall if you want those systems to access a specific resource on the other network.
0

Author Comment

by:Freemybytes
ID: 34326623
I think I will get a Buffalo access point that comes pre-installed with DD-WRT on it. I guess I will receive it in about three days, then try it out.
0
 

Author Comment

by:Freemybytes
ID: 34544494
Okay, I am sorry I took so long, but I decided to flash my new WNR3500L wireless router with DD-WRT firmware version V24-SP2 8/7/10 STD-USB-FTP. It was successful. I did see some VLAN settings in the new interface but I am unsure on the configuration and about defining each DHCP server. If this is the most secure way then that is what I want to do.
0
 
LVL 78

Expert Comment

by:arnold
ID: 34545987
OK, you take each of the LAN side outputs on the 3500 and associate it with a different VLAN, you then connect that to a switch that will only serve that VLAN. You configure the per-interface DHCP server to allocate the IPs you want. Not sure if you have a DHCP server on a Windows server whether you can configure a DHCP relay agent on the 3500 instead.
If you can configure a DHCP relay agent.
http://dd-wrt.ca/phpBB2/viewtopic.php?p=9109&sid=1247fa11a23169b33937db106880695b
A comment from klaasb01 has a reference to adding a directive to forward the requests
"if vlan2 true false true" to /tmp/dhcp-fwd/dhcp-fwd.conf and restart it.
Then you would need to configure/add the scope for this segment to the DHCP server.
Note that you have to have each VLAN connected to a separate switch unless you have a level 2 switch on which you can TAG ports as being one VLAN versus another.
0
 

Author Comment

by:Freemybytes
ID: 34615359
I don't have a Windows 2003 DHCP server. On the 3500 the basic setup tab has options for DHCP server and DHCP forwarder. I looked at the schema using your link; I noticed he has two routers trunked. Now I do have the Buffalo wireless N150 router and access point with DD-WRT on it, but do I still have to have two switches for each VLAN? Maybe I am just not understanding the topology; the two switches are throwing me off. I also don't have a layer two switch. The 3500 also has the following VLAN settings: VLAN Tagging, Create Bridge, Assign Bridge and Multiple DHCP Server. Bear with me, the configuration is new to me.
0
 
LVL 78

Expert Comment

by:arnold
ID: 34617188

I think DD-wrt provides VLAN such that the wired devices are separated from the wireless ones.
I.e. a system connected via the wireless will not be able to connect to the wired devices.

Do you want the wireless side to be able to access any wired resource?
If not, the dd-wrt enabled wireless should be enough to separate the two.

In your current layout anything connected to the netgear will be able to access any resource that is directly connected to the motorola modem.
Anything that is connected to the Motorola modem can not access the devices behind the Netgear unless you configure port forwarding on the Netgear for particular resources/services or DMZ the device.

If you do not have a smart switch, you need two switches since the connection of the device into a switch will determine to which VLAN this device has access.

i.e. door1 is vlan1 and door2 is vlan2.
A regular retail/unmanaged switch does not distinguish nor has a way to differentiate VLANs.
VLAN tagging has to then be setup on the networking interface of each system to identify to which VLAN it belongs. This way a packet tagged differently will be ignored by the networking interface. The tagging involves having to go to each system and configure its networking interface to be associated with a specific VLAN through VLAN tagging.
The use of the two switches eliminates that need, such that the switch into which you connect the device will determine which VLAN it is on and the filtering of packets, i.e. VLAN1 packets will not be seen on the VLAN2 switch since the router will not rebroadcast them across the VLAN boundary.
 
0
 

Author Comment

by:Freemybytes
ID: 34673700
I don't want the wireless to access any wired resources and I don't want the wired to access any of the wireless resources. Two teenagers with wireless laptops; it is already a security problem. If the DD-WRT alone can do the above job then I can go with that; if not, then I will have to go with the two-switch approach. I think I understand the concept of differentiating VLANs from each other but the topology is fuzzy. I am thinking the modem to the DD-WRT 3500L wireless router, but where do the two switches come into the topology? You will have to continue to bear with me; this is a totally new configuration to me.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 34676801
The dd-wrt can set up a VLAN on each port of the LAN side of the switch as well as the wireless side.
If you only have one wired device, there is no need for additional switches. If you have multiple wired devices and you need more than the one VLAN for wireless and one wired, you would need to have the LAN port of the DD-wrt enabled router connect to a switch that will extend the same VLAN to all devices connected to this switch, while the other switch will provide the other VLAN to all devices connected to this switch.

                               Wireless VLAN segment
                             /
Internet <=>  dd-wrt 3500L  <=> Wired VLAN1 segment
                             \
                               Wired VLAN2 segment

You have four wired ports that you can assign to the different VLANs, i.e. you can have three wired devices on VLAN1 and one on VLAN2. If you exceed the number of available network ports for the wired devices, you would need a switch to extend the VLAN to the switch. If you are using a managed switch that supports VLAN, you could use it to VLAN; more likely you would have a residential/retail unmanaged switch, which means that once connected to a port on the 3500L the switch will be on the VLAN configuration of the network port to which it is connected.

Hope I have answered your question and provided clarification on the topology.
0
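
Added example, not part of the thread or of DD-WRT's own documentation: the thread leaves open whether VLANs alone stop access across segments, and mentions opening a port when one resource on the other network must be shared. On a Linux-based router both come down to iptables FORWARD rules, which this script prints for review without applying them. The interface names `br0` and `br1` and the host `192.168.20.10` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and the sample host
# are assumptions; list the router's real interfaces with `ifconfig`.

# valid_if NAME: accept only characters that can appear in an interface name.
valid_if() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# isolation_rules IF_A IF_B [HOST PORT]
# Prints iptables commands that stop routing between two LAN segments.
# Optional HOST/PORT opens one TCP service on IF_B to clients on IF_A.
# Nothing is applied here; review the output before running it on the router.
isolation_rules() {
    ir_a=$1; ir_b=$2; ir_host=$3; ir_port=$4
    valid_if "$ir_a" && valid_if "$ir_b" || { echo "bad interface name" >&2; return 2; }
    [ "$ir_a" != "$ir_b" ] || { echo "segments share $ir_a" >&2; return 1; }
    if [ -n "$ir_host" ]; then
        # Validate the exception fully before printing anything.
        case $ir_host in *[!0-9.]*) echo "bad host" >&2; return 2 ;; esac
        case $ir_port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
        [ "$ir_port" -ge 1 ] && [ "$ir_port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    fi

    # Each -I inserts at the top of FORWARD, so rules printed later are
    # matched first. The DROPs go in first and end up below any exception.
    echo "iptables -I FORWARD -i $ir_a -o $ir_b -j DROP"
    echo "iptables -I FORWARD -i $ir_b -o $ir_a -j DROP"

    [ -n "$ir_host" ] || return 0
    # Replies from the shared service only; new connections from IF_B stay blocked.
    echo "iptables -I FORWARD -i $ir_b -o $ir_a -s $ir_host -p tcp --sport $ir_port -m state --state ESTABLISHED -j ACCEPT"
    # Clients on IF_A may open connections to that one host and port.
    echo "iptables -I FORWARD -i $ir_a -o $ir_b -d $ir_host -p tcp --dport $ir_port -j ACCEPT"
}

# Constructed sample: wired segment on br0, wireless segment on br1.
isolation_rules br0 br1
```

Calling `isolation_rules br1 br0 192.168.20.10 80` instead adds the two ACCEPT rules for a single shared service on the wired side.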
 

Author Comment

by:Freemybytes
ID: 34884413
I tried the DD-WRT forum for the actual configuration. I had a rocky time but got it to work. After all that, my neighbor gave me a Pix 506 and a 2950 twelve-port switch; now I am hungry to try out these two new toys. Thanks, enjoy your points.
0
