  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1055
  • Last Modified:

Enlighten me how to create a bridge between two networks

How do I separate my wired desktop from my wireless laptop? My desktop is Windows 7 Professional and my laptop is Windows Vista Home Premium.
My modem is the DHCP server, a Motorola WIMAX CPEI 25725, and my wireless router is a Netgear WNR3500L, static IP. What is the most secure way or best way to accomplish this? The desktop has a static IP and the laptop has a static IP.
Asked by: Freemybytes
 
arnold Commented:
You need the capability on the routers you have to segment, i.e.

With your existing equipment I do not believe it is possible.

You need to have one IP range allocated via DHCP to the wired while a different IP range for the WIFI clients.

Any system behind the Netgear will be able to access any system behind the Motorola Wimax no matter the IP.

If you are willing to install WRT on the router, you would be closer to getting what you want since you can VLAN the wifi and the individual wired ports.

I.e. you would define an individual DHCP server for each VLAN. Not sure whether it will prevent the access across VLANs. But it will require the user on one segment to know the IPs of the other in order to even try to access those resources.
 
Freemybytes (Author) Commented:
Let me try to understand what you are saying about the equipment that I presently have: I am not going to be able to separate the wired from the wireless. Then would adding a wireless WRT access point do any good? I must confess WRT would be new to me. I have a couple of older routers lying around I am not using, a Trendnet wireless router and a WRT54G wireless router. Could I possibly put WRT on one of them and add it as an access point, or am I way off in understanding what you're saying? Plus, do I use DHCP for both segments?
 
arnold Commented:
Depending on the version of the WRT54G, you could put WRT on it.
Sorry, did not include the link http://www.dd-wrt.com
http://dd-wrt.com/site/support/router-database
provides a way to see whether the router/routers you have are supported.

The other option you have is to have each router

                            Netgear Wifi - LAN 192.168.15.0/24
                          /
Internet - Motorola WIMAX
                          \
                            Different Router (linksys/trendnet) - LAN 192.168.20.0/24 Wired

Make sure the Motorola WIMAX LAN side is neither 192.168.15.0/24 nor 192.168.20.0/24.

The systems on 192.168.15.0/24 will be able to access the Internet but will not be able to access the systems on 192.168.20.0/24 because the different router's firewall will prevent the access. You would need to open ports on the firewall if you want those systems to access a specific resource on the other network.
 
Freemybytes (Author) Commented:
I think I will get a Buffalo access point that comes pre-installed with DD-WRT on it. I guess I will receive it in about three days, then try it out.
 
Freemybytes (Author) Commented:
Okay, I am sorry I took so long, but I decided to flash my new WNR3500L wireless router with DD-WRT firmware version V24-SP2 8/7/10 STD-USB-FTP. It was successful. I did see some VLAN settings in the new interface, but I am unsure on the configuration and about defining each DHCP server. If this is the most secure way, then that is what I want to do.
 
arnold Commented:
Ok, you take each of the LAN side outputs on the 3500 and associate it with a different VLAN; you then connect that to a switch that will only serve that VLAN. You configure the per-interface DHCP server to allocate the IPs you want. Not sure, if you have a DHCP server on a Windows server, whether you can configure a DHCP relay agent on the 3500 instead.
If you can configure a DHCP relay agent.
http://dd-wrt.ca/phpBB2/viewtopic.php?p=9109&sid=1247fa11a23169b33937db106880695b
A comment from klaasb01 has a reference to adding a directive to forward the requests,
"if vlan2 true false true", to /tmp/dhcp-fwd/dhcp-fwd.conf and restarting it.
Then you would need to configure/add the scope for this segment to the DHCP server.
Note that you have to have each VLAN connected to a separate switch unless you have a level 2 switch on which you can TAG ports as being one VLAN versus another.
 
Freemybytes (Author) Commented:
I don't have a Windows 2003 DHCP server. On the 3500 the basic setup tab has options for DHCP server and DHCP forwarder. I looked at the schema using your link; I noticed he has two routers trunked. Now I do have the Buffalo wireless N150 router and access point with DD-WRT on it, but do I still have to have two switches for each VLAN? Maybe I am just not understanding the topology; the two switches are throwing me off. I also don't have a layer two switch. The 3500 also has the following VLAN settings: VLAN Tagging, Create Bridge, Assign Bridge and Multiple DHCP Server. Bear with me, the configuration is new to me.
 
arnold Commented:

I think DD-WRT provides VLAN such that the wired devices are separated from the wireless ones.
I.e. a system connected via the wireless will not be able to connect to the wired devices.

Do you want the wireless side to be able to access any wired resource?
If not, the DD-WRT enabled wireless should be enough to separate the two.

In your current layout anything connected to the Netgear will be able to access any resource that is directly connected to the Motorola modem.
Anything that is connected to the Motorola modem cannot access the devices behind the Netgear unless you configure port forwarding on the Netgear for particular resources/services or DMZ the device.

If you do not have a smart switch, you need two switches since the connection of the device into a switch will determine to which VLAN this device has access.

I.e. door1 is vlan1 and door2 is vlan2.
A regular retail/unmanaged switch does not distinguish nor has a way to differentiate VLANs.
VLAN tagging has to then be set up on the networking interface of each system to identify to which VLAN it belongs. This way a packet tagged differently will be ignored by the networking interface. The tagging involves having to go to each system and configure its networking interface to be associated with a specific VLAN through VLAN tagging.
The use of the two switches eliminates that need, such that the switch into which you connect the device will determine which VLAN it is on and the filtering of packets, i.e. VLAN1 packets will not be seen on the VLAN2 switch since the router will not rebroadcast them across the VLAN boundary.
 
Freemybytes (Author) Commented:
I don't want the wireless to access any wired resources and I don't want the wired to access any of the wireless resources. Two teenagers with wireless laptops; it is already a security problem. If the DD-WRT alone can do the above job then I can go with that; if not, then I will have to go with the two switch approach. I think I understand the concept of differentiating VLANs from each other, but the topology is fuzzy. I am thinking the MODEM to the DD-WRT 3500L wireless router, but where do the two switches come into the topology? You will have to continue to bear with me; this is a totally new configuration to me.
 
arnold Commented:
The DD-WRT can set up VLAN on each port of the LAN side of the switch as well as the wireless side.
If you only have one wired device, there is no need for additional switches. If you have multiple wired devices and you need more than the one VLAN for wireless and one wired, you would need to have the LAN port of the DD-WRT enabled router connect to a switch that will extend the same VLAN to all devices connected to this switch, while the other switch will provide the other VLAN to all devices connected to this switch.

                               Wireless VLAN segment
                             /
Internet <=> dd-wrt 3500L <=> Wired VLAN1 segment
                             \
                               Wired VLAN2 segment

You have four wired ports that you can assign to the different VLANs, i.e. you can have three wired devices on VLAN1 and one on VLAN2. If you exceed the number of available network ports for the wired devices, you would need a switch to extend the VLAN to the switch. If you are using a managed switch that supports VLAN, you could use it to VLAN; more likely you would have a residential/retail unmanaged switch, which means that once connected to a port on the 3500L the switch will be on the VLAN configuration of the network port to which it is connected.

Hope I have answered your question and provided clarification on the topology.
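Added example (not part of the thread and not DD-WRT's own code): on a Linux-based router such as one running DD-WRT, whether routed traffic may cross between segments is decided by the iptables FORWARD chain, and this sketch prints a drop rule for every ordered pair of LAN segments so that wired and wireless are blocked in both directions. The interface names eth0, br0 and br1 are assumptions; read the real ones from the router before using the output.

```shell
#!/bin/sh
# Added example: print iptables rules that block routed traffic between LAN
# segments on a Linux-based router. Nothing is applied on the machine that
# runs this script; review the output before running it on the router.

# isolation_rules WAN_IF SEGMENT_IF SEGMENT_IF [SEGMENT_IF ...]
isolation_rules() {
    if [ "$#" -lt 3 ]; then
        echo "need a WAN interface and at least two segments" >&2
        return 2
    fi
    # The output is meant to be executed, so refuse names that could
    # smuggle shell syntax into the generated commands.
    for ifc in "$@"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9._-]*)
                echo "unsafe interface name: $ifc" >&2
                return 2 ;;
        esac
    done
    wan="$1"
    shift
    # Dropping traffic towards the WAN side would cut Internet access.
    for seg in "$@"; do
        if [ "$seg" = "$wan" ]; then
            echo "WAN interface $wan listed as a LAN segment" >&2
            return 2
        fi
    done
    # One rule per ordered pair: src may not be forwarded to dst.
    # -I puts the rule ahead of any existing ACCEPT in FORWARD.
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" != "$dst" ]; then
                echo "iptables -I FORWARD -i $src -o $dst -j DROP"
            fi
        done
    done
}

# Assumed names: eth0 = WAN, br0 = wired segment, br1 = wireless segment.
isolation_rules eth0 br0 br1
```

These rules cover only traffic the router forwards between interfaces; hosts that share one segment or one unmanaged switch still reach each other directly.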
 
Freemybytes (Author) Commented:
I tried the DD-WRT forum for the actual configuration. I had a rocky time but got it to work. After all that, my neighbor gave me a Pix 506 and a 2950 twelve port switch; now I am hungry to try out these two new toys. Thanks, enjoy your points.
