Solved

Connecting Two Subnets on the Same LAN

Posted on 2013-01-07
13
409 Views
Last Modified: 2013-01-21
This is a rehash of a question I posted a few weeks ago.  

We have some new manufacturing equipment in our shop and the vendor configured the equipment using his subnet 192.168.10.0/24.  Our local subnet is 10.0.2.0/24. We have other equipment from this vendor that was properly configured for our subnet. He can VPN into our network and access that equipment to make programming changes and that works fine.

I thought the simplest way to access the new equipment was to setup a router which I did, a Cisco WRV210. I setup the WAN side of the router with an address from my subnet, and the LAN side with an address to match the vendors subnet. I setup a new subnet,192.168.10.0  and created a static route to the new router on my existing router.

From my side and can ping both the WAN side (10.0.2.10) and LAN side (192.168.10.1) of the new router, but none of the equipment.  If I plug into the LAN side of the router and give my laptop of static address for that subnet, I can ping all the equipment, but I cannot ping anything on the other side of the new router.

Routing is not my thing so please dumb down your answers.
0
Comment
Question by:B_Baren
  • 3
  • 3
  • 3
  • +4
13 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 38752948
The truly simplest thing to do would be to ask your vendor to changer their subnet to a 10. subnet. There is no reason for a vendor to have a fixed subnet. Do insist they change it at their cost.

The next thing is to set up a VLAN on your switch for each subnet. But then you have to connect the VLAN's. This is not my specialty either.

Really your vendor is wrong here and they should make amends.

.... Thinkpads_User
0
 
LVL 18

Expert Comment

by:Don S.
ID: 38752997
The reason you cannot ping the new equipment is that they do not have the address of your router set as their gateway address.  Basically, they likey are getting the ping, but don't know how to send the reply so you don't get one.  You need to redo the addresses on the new equipment.
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 38753066
Go with thinkpads comment. The vendor should have asked the right questions to get it done right in the first place.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38753620
You need to configure your devices on LAN side with default gateway 192.168.10.1 and devices on WAN side with default gateway 10.0.2.10
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 38753719
Hi,

You need a real cisco router, and you eble to configure secondary ip address on the gateway, in this you able to use same LAN two subnets
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 300 total points
ID: 38753823
In order of importance:

-Like thinkpads_user said, contact the vendor about this. They set it up and should have set it up to conform to your current network.
-check the routing on your network: default gateway and/or an additional route to the 192.168.10.0 network (could be done easily through DHCP).
-Get another router. This router is designed for being a gateway between a LAN and a WAN (so using NAT, firewalling, etc). Use a router that can route between networks without using those options. For example a simple Cisco 800 series.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:B_Baren
ID: 38754612
I fully agree that this is the vendor's responsibility.  However he lives out of state and we need access ASAP.  We cannot do anything to fix this ourselves because the equipment in question involves Allen Bradley control units and we have neither the software or expertise to make the changes.

Here are a few more details that may help us find a solution:
Netopia 3347-02 router
SBS 2008 domain

I have an old Juniper Netscreen 25 on the shelf.  Could I use that instead of the Cisco WRV210?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38754619
I use Juniper Netscreens at clients. They are good machines. So if you know how to set it up, it will work.

.... Thinkpads_User
0
 

Author Comment

by:B_Baren
ID: 38754810
The Netscreens have a  user friendly web interface. I'm worried the control units do not have a gateway setting. If i plug into the LAN side of the Cisco router, what cmd can I use to get the complete TCP/IP settings of the controllers?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38754915
If you have not set up a Netscreen before, it is not user friendly. I like it but not for a quick one-time use.

Since you have a connection for this vendor, use the same kind of gear.
.... Thinkpads_User
0
 
LVL 18

Expert Comment

by:Don S.
ID: 38759146
If you just need quick one off access to these PLCs, why not setup a PC with an address in the 192.168.10.0 subnet and use that to get to them?  you could even put two NICs in the PC and put one on each subent.
0
 

Author Comment

by:B_Baren
ID: 38759345
I read something about what you are suggesting.  Can a windows box do this, or does it have to be running server?
0
 
LVL 18

Expert Comment

by:Don S.
ID: 38759841
yes, a windows box can have two network cards with different network subnets on them.  since you only want to go to your Domain on one of them, make sure to NOT bind the microsoft clinet to the adapter that is not addressed to your domain.  That way connections to the domain resources will not be as slow and won't get confused.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now