Posted on 2012-03-09
Previously, our Corporate network only had 1 VLan, with a /24 subnet (256 IPs). We were running out of IP addresses; hence, I thought it best to make 2 additional Corporate VLans, to have:
VLan-1 = Miscellaneous non-intelligent devices (printers, electrical panels, etc.). (192.X.X.X/24)
VLan-2 = Microsoft Windows Domain PCs (10.X.X.X/24)
VLan-3 = Servers. (10.250.X.X/25)
The above system has worked well for segmenting the different parts of the network, in addition to freeing up some much-needed IP addresses (on VLan-1). I have created network routing rules, on our main router, to allow network traffic to be routed between VLans.
Anyway, I could not bring over some of the Microsoft Windows Domain PCs to VLan-2 because these specific PCs had some proprietary software installed on them that must communicate with the Vendor's router, which is also on VLan-1 (192.X.X.X/24). Additionally, the Vendor's router has an Access Control List (ACL) that only accepts traffic from a specific IP address list.
I have manually created static routes, in those specific computers' route tables, to redirect network traffic to the Vendor's Router on VLan-1, i.e. route ADD 29.X.X.0 MASK 255.255.255.0 192.X.X.100 -p
My question is: What must I do to allow the PCs with the proprietary software installed to be moved to VLan-2 and still communicate with the Vendor's Router on VLan-1? It might be important to mention that the Vendor's Router is on a 192.X.X.X IP scheme and the other VLan is using a 10.200 IP scheme.