Network setup: 2 Internet Providers. Both with multiple Static IP addresses.

I think I've got a pretty good handle on my situation. So this may be a quest for verification rather than a question looking for an answer.
As the title states, I have 2 ISPs and each has multiple static IPs available to me.
Both ISPs and all computers are on the same subnet on the LAN side. (small office)
I'm using 4 pretty basic consumer routers to build my network. (d-link dgl-4100).
To "split" out one of the WANs to 3 of my routers, each using a separate Static IP, I've got the WAN plugged into a 5 port Gigabit switch. Then from there it feeds my 3 Routers, which then map my ports as needed.
I know this setup is safe. Everything is behind routers and firewalls.
But is my 5 Port Gigabit switch unnecessary? Should I just be attaching the WANs to my Gigabit Switch along with all my computers?  Or is that asking for trouble?

It seems that it would simplify my setup a bit and actually give me a bit of flexibility in terms of offsite troubleshooting (when I'm on vacation) if I could move someone that is having trouble to one of the Unused Static IPs (by telling them the manual config). That way there is no firewall or router blocking anything. Then switch back when I'm finished.
Again, I ask if I'm just setting myself up for trouble.

Thanks in advance.
catmarlson Asked:
 
giltjr Commented:
O.K., I take it that the 4 D-Link routers are connected to the other switch that has your computers on it.

Is your other switch a managed switch?  Can you set up VLANs on it?  If the answer is NO, then leave your setup as is.

The problem with connecting your ISP "modem" into the same switch as your computers without VLANs is that everything is on the same layer 2 network.  Your computers would not really be behind a firewall, but sort of next to it.


However, I would suggest that you think about replacing the 4 D-Link routers.  It may be more expensive, but it will be easier to manage and protect (IMHO) if you were to get something like a Cisco 1812.  New ones run close to $1,000 and there are some models that have Wireless.  You may want to check eBay for some used ones.

The 1812 has two WAN ports and a built-in 8 port switch.  This would allow a simpler setup of:

            |----------|
ISP1 <----> |          | <---> COMP1
            |   1812   |
ISP2 <----> |          | <---> COMP2
            |----------|

The 1812 can do everything the 4 standalone routers do, but in a single box.  Most likely it uses less electricity and generates less heat.  There could be other routers that do the same thing as the 1812, but I am more familiar with Cisco devices.
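
Added example, not part of the thread: a small Python model of the layer 2 point made in the answer above. It treats each untagged access port's VLAN as its broadcast domain and lists the LAN-side ports that share a domain with the ISP handoff; the port numbers, VLAN IDs and role names are constructed for illustration, and tagged (trunk) ports are not modelled.

```python
# Added example: audit a port-based VLAN layout for LAN ports that share a
# layer 2 broadcast domain with an ISP handoff. All port numbers, VLAN IDs
# and role names below are constructed for illustration.
from collections import defaultdict


def broadcast_domains(port_vlan):
    """Group untagged access ports by VLAN ID; each group is one L2 domain."""
    domains = defaultdict(set)
    for port, vlan in port_vlan.items():
        domains[vlan].add(port)
    return dict(domains)


def exposed_ports(port_vlan, port_role):
    """Return the sorted LAN-side ports ('host' or 'router_lan') that sit in
    the same VLAN as an 'isp' port, i.e. reachable from the ISP side
    without crossing a router."""
    exposed = set()
    for ports in broadcast_domains(port_vlan).values():
        if any(port_role[p] == "isp" for p in ports):
            exposed |= {p for p in ports
                        if port_role[p] in ("host", "router_lan")}
    return sorted(exposed)


# Constructed layout: one ISP handoff, three routers (WAN and LAN side), two PCs.
ROLES = {1: "isp",
         2: "router_wan", 3: "router_wan", 4: "router_wan",
         5: "router_lan", 6: "router_lan", 7: "router_lan",
         8: "host", 9: "host"}

# Flat: ISP handoff plugged into the LAN switch, every port in default VLAN 1.
FLAT = {port: 1 for port in ROLES}

# Segmented: ISP handoff and router WAN ports in VLAN 10, LAN side in VLAN 20.
SEGMENTED = {p: (10 if r in ("isp", "router_wan") else 20)
             for p, r in ROLES.items()}

# Failure mode: one PC left in (or moved to) the WAN-side VLAN by mistake.
MISPATCHED = {**SEGMENTED, 9: 10}

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("segmented", SEGMENTED),
                         ("mispatched", MISPATCHED)):
        print(name, "exposed ports:", exposed_ports(layout, ROLES))
```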
 
giltjr Commented:
I'm confused as to your setup.  You talk about both of your ISPs and all your computers being on the same subnet, but then you also talk about being behind a firewall.

Are you using a bridged firewall as opposed to a routed firewall?  Could you draw a simple stick diagram of your setup like:

ISP1 connection <--> Router #1 <-\
                                  \
                                   \_ 5_port_switch
                                  /
ISP2 connection <--> Router #2 <-/


Making sure you show where your firewall is.
 
catmarlson (Author) Commented:
Probably shouldn't have called it a firewall. Just what's built into the D-Link Routers

ISP1 WAN Ethernet from Fios \                    /--- DLink Router 1 handling External IP 1
                             \                  /
                              \__ 5 Port Switch ----- DLink Router 2 handling External IP 2
                                                \
                                                 \__ DLink Router 3 handling External IP 3

ISP1 WAN Ethernet from Cable Modem ------------ DLink Router 4 handling External IP 4

Only DLink #4 has DHCP turned on above .200.
Each of the 4 LAN IPs is in the 192.168.254.xxx range, which matches everything on our internal LAN. All of our internal machines' IPs are manually configured so as to direct traffic to either DLink 4 or DLink #1 depending on what bandwidth they require. The other 2 are specifically portmapped for file serving and such on a specific External IP address. (each use the same ports, thus multiple routers).

Hope this makes more sense to you. I probably said something incorrect as I know just enough to be dangerous at this. (as in, it works when I'm finished)
Thanks for taking a look.

 
catmarlson (Author) Commented:
I just purchased a managed switch. Need to schedule an "outage" to get that installed.

I need to read up on the VLAN stuff. Conceptually, I get what it's all about.
With that managed switch, I could create VLANs that would direct the WAN only to/from the Routers. Otherwise as you said it would be next to the firewall/routers and computers. (how simple would it be for someone to take advantage of that?)
I do see how what you are suggesting is the secure way to build it.

I've dug up a manual for the 1812 router online. That product looks like it would really clean up my setup quite a bit. I have a feeling I may have to chase down a Cisco pro to get me through the setup the first time to show me the ropes. Thanks for pointing me in the direction of that product.

Not sure when I'll get to move on this project. I'm sure I'll have more questions once I've found the 1812 and the time to figure it out.

Thanks
 
giltjr Commented:
Thanks for the points.

The 1812 comes with a fairly intuitive GUI interface.

VLANs are fairly simple to understand.  The biggest thing with managed switches is there are two types, layer 2 only and layer 3.  The layer 3 switches are really routers/switches all in one box and are more expensive than layer 2 only switches.

A layer 3 switch would be a bit expensive for your setup.  I would stick with an 1812 type device instead of trying to get a layer 2 switch.  A layer 2 managed switch would cause you some setup issues which I won't go into unless you really want to know.
 
catmarlson (Author) Commented:
This is the switch I bought a few weeks ago, mostly to get the number of connections.
DGS-1210-48 Web Smart 48 Port Gigabit Switch
If I can figure out the VLAN thing I may put that into place with my current setup.
Then once I have a moment and buy an 1812 and figure that out, the VLAN won't be necessary and I can eliminate that programming.

Of course I want to know everything. But I definitely have some homework to do so I can be somewhat more intelligent about it all.
Really looking forward to taking advantage of more of the technology available out there. Now that we have some decent bandwidth available from our ISPs, it makes it worth figuring out.
Question has a verified solution.
