

Enlighten me how to create a bridge between two networks

Posted on 2010-11-25
Medium Priority
Last Modified: 2013-11-05
How do I separate my wired desktop from my wireless laptop? My desktop is Windows 7 Professional and my laptop is Windows Vista Home Premium.
My modem is the DHCP server, a Motorola WIMAX CPEI 25725, and my wireless router is a Netgear WNR3500L (static IP). What is the most secure way or best way to accomplish this? The desktop has a static IP and the laptop has a static IP.
Question by:Freemybytes
LVL 80

Expert Comment

ID: 34215206
You need the capability on the routers you have to segment i.e.

With your existing equipment I do not believe it is possible.

You need to have one IP range allocated via DHCP to the wired while different IP range for the WIFI clients.

Any system behind the Netgear will be able to access any system behind the Motorola Wimax no matter the IP.

If you are willing to install WRT on the router, you would be closer to getting what you want since you can VLAN the wifi and the individual Wired Ports.

I.e. you would define an individual DHCP server for each VLAN. Not sure whether it will prevent the access across VLANs. But it will require the user on one segment to know the IPs of the other in order to even try to access those resources.

Author Comment

ID: 34219355
Let me try to understand what you are saying. With the equipment that I presently have, I am not going to be able to separate the wired from the wireless. Then would adding a wireless WRT access point do any good? I must confess WRT would be new to me. I have a couple of older routers laying around that I am not using, a Trendnet wireless router and a WRT54G wireless router. Could I possibly put WRT on one of them and add it as an access point, or am I way off in understanding what you're saying? Plus, do I use DHCP for both segments?
LVL 80

Expert Comment

ID: 34220705
Depending on the version of the wrt54g, you could put WRT on it.
Sorry, did not include the link http://www.dd-wrt.com
provides a way to see whether the router/routers you have are supported.

The other option you have is to have each router

                                         Netgear Wifi - LAN
Internet -Motorola WIMAX
                Different Router (linksys/trendnet) - LAN Wired
Make sure the Motorola WIMAX LAN side is neither nor

The systems on will be able to access the Internet but will not be able to access the systems with the systems because the different router's firewall will prevent the access. You would need to open ports on the firewall if you want those systems to access a specific resource on the other network.



Author Comment

ID: 34326623
I think I will get a Buffalo access point that comes pre-installed with DD-WRT on it. I guess I will receive it in about three days, then try it out.

Author Comment

ID: 34544494
Okay, I am sorry I took so long, but I decided to flash my new WNR3500L wireless router with
DD-WRT firmware version V24-SP2 8/7/10 STD-USB-FTP. It was successful. I did see some
VLAN settings in the new interface, but I am unsure about the configuration and about defining
each DHCP server. If this is the most secure way, then that is what I want to do.
LVL 80

Expert Comment

ID: 34545987
OK, you take each of the LAN side outputs on the 3500 and associate it with a different VLAN, you then connect that to a switch that will only serve that VLAN. You configure the per-interface DHCP server to allocate the IPs you want. Not sure if you have a DHCP server on a Windows server whether you can configure a DHCP relay agent on the 3500 instead.
If you can configure a DHCP relay agent.
A comment from klaasb01 has a reference to adding a directive to forward the requests
"if vlan2 true false true" to /tmp/dhcp-fwd/dhcp-fwd.conf and restart it. "
Then you would need to configure/add the scope for this segment to the DHCP server.
Note that you have to have each VLAN connected to a separate switch unless you have a level 2 switch on which you can TAG ports as being one VLAN versus another.

Author Comment

ID: 34615359
I don't have a Windows 2003 DHCP server. On the 3500 the basic setup tab has options
for DHCP server and DHCP forwarder. I looked at the schema using your link; I noticed
he has two routers trunked. Now I do have the Buffalo wireless N150 router and access
point with DD-WRT on it, but do I still have to have two switches for each VLAN? Maybe
I am just not understanding the topology; the two switches are throwing me off. I also
don't have a layer two switch. The 3500 also has the following VLAN settings: VLAN Tagging,
Create Bridge, Assign Bridge and Multiple DHCP Server. Bear with me, the configuration is
new to me.
LVL 80

Expert Comment

ID: 34617188

I think DD-wrt provides VLAN such that the wired devices are separated from the wireless ones.
I.e. a system connected via the wireless will not be able to connect to the wired devices.

Do you want the wireless side to be able to access any wired resource?
If not, the dd-wrt enabled wireless should be enough to separate the two.

In your current layout anything connected to the netgear will be able to access any resource that is directly connected to the motorola modem.
Anything that is connected to the Motorola modem can not access the devices behind the netgear unless you configure port forwarding on the netgear for particular resources/services or DMZ the device.

If you do not have a smart switch, you need two switches since the connection of the device into a switch will determine to which VLAN this device has access.

i.e. door1 is vlan1 and door2 is vlan2.
A regular retail/unmanaged switch does not distinguish nor has a way to differentiate VLANs.
VLAN tagging has to then be setup on the networking interface of each system to identify to which VLAN it belongs. This way a packet tagged differently will be ignored by the networking interface. The tagging involves having to go to each system and configure its networking interface to be associated with a specific VLAN through VLAN tagging.
The use of the two switches eliminates that need such that the switch into which you connect the device will determine which VLAN it is on and the filtering of packets, i.e. VLAN1 packets will not be seen on the VLAN2 switch since the router will not rebroadcast them across the VLAN boundary.

Author Comment

ID: 34673700
I don't want the wireless to access any wired resources and I don't want the wired to access
any of the wireless resources; two teenagers with wireless laptops, it is already a security problem.
If the DD-WRT alone can do the above job then I can go with that; if not then I will have to go with the
two-switch approach. I think I understand the concept of differentiating VLANs from each other but
the topology is fuzzy. I am thinking the modem to the DD-WRT 3500L wireless router, but where do
the two switches come into the topology? You will have to continue to bear with me; this is a totally
new configuration to me.

LVL 80

Accepted Solution

arnold earned 2000 total points
ID: 34676801
The dd-wrt can set up VLAN on each port of the LAN side of the switch as well as the Wireless side.
If you only have one wired device, there is no need for additional switches. If you have multiple wired devices and you need more than the one VLAN for wireless and one wired, you would need to have the LAN port of the DD-wrt enabled router connect to a switch that will extend the same VLAN to all devices connected to this switch while the other switch will provide the other VLAN to all devices connected to this switch.
                                Wireless VLAN Segment
Internet <=>  dd-wrt 3500L  <=> Wired VLAN1 segment
                                Wired VLAN2 segment

You have four wired ports that you can assign to the different VLANs, i.e. you can have three wired devices on VLAN1 and one on VLAN2. If you exceed the number of available network ports for the wired devices, you would need a switch to extend the VLAN to the switch. If you are using a managed switch that supports VLAN, you could use it to VLAN; more likely you would have a residential/retail unmanaged switch, which means that once connected to a port on the 3500L the switch will be on the VLAN configuration of the network port to which it is connected.

Hope I have answered your question and provided clarification on the topology.
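
An added example, not part of the thread and not DD-WRT's own code: on a Linux-based router such as one running DD-WRT, whether two routed segments can reach each other is decided by the iptables FORWARD chain, so the script below builds the DROP rules for a wired/wireless split and checks an `iptables -S FORWARD` listing for a given pair. The interface names (`br0`, `br1`, `vlan2`) and the sample listing are assumptions constructed for illustration.

```shell
# Added example. Assumed interface names: br0 = wired, br1 = wireless,
# vlan2 = WAN. Confirm yours with `ifconfig` on the router.

# Emit one DROP rule per ordered pair of segments; WAN traffic is untouched.
isolation_rules() {
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] || echo "iptables -I FORWARD -i $src -o $dst -j DROP"
        done
    done
}

# Read `iptables -S FORWARD` output on stdin; print "open" or "blocked" for a
# NEW connection from $1 to $2. First match wins. Any ACCEPT that could match
# counts as open; only an unconditional DROP/REJECT counts as blocked.
# Negated (!) and wildcard (+) interface matches are not handled.
pair_verdict() {
    awk -v src="$1" -v dst="$2" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            in_if = out_if = target = ""; cond = replies = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-o") out_if = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i ~ /^--(ct)?state$/ && $(i + 1) !~ /NEW/) replies = 1
                else if ($i ~ /^-/) cond = 1
            }
            if (in_if != "" && in_if != src) next
            if (out_if != "" && out_if != dst) next
            if (replies) next   # reply-only rule cannot start a connection
            if (target == "ACCEPT") { verdict = "open"; exit }
            if (!cond && target ~ /^(DROP|REJECT)$/) { verdict = "blocked"; exit }
        }
        END {
            if (verdict == "") verdict = (policy == "DROP") ? "blocked" : "open"
            print verdict
        }'
}

# Constructed listing: state after the DROP rules above were inserted.
AFTER='-P FORWARD ACCEPT
-A FORWARD -i br1 -o br0 -j DROP
-A FORWARD -i br0 -o br1 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -o vlan2 -j ACCEPT'

isolation_rules br0 br1
echo "wireless->wired: $(echo "$AFTER" | pair_verdict br1 br0)"
```

On a live router the listing would come from `iptables -S FORWARD | pair_verdict br1 br0`; because `-I` inserts at the top of the chain, the emitted rules take effect ahead of any existing ACCEPT.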

Author Comment

ID: 34884413
I tried the DD-WRT forum for the actual configuration. I had a rocky time but got it to work. After all that, my neighbor gave me a Pix 506 and a 2950 twelve-port switch; now I am hungry to try out these two new toys. Thanks, enjoy your points.
