jhyiesla

Trying to carve out a new network on a home LAN

I have a home LAN that includes wired and wireless. I wish to set up a lab that will all be wired into something and connect to the main LAN via an extended wireless setup.  So I have my main wireless router connected to the Internet and it talks to the lab wireless router in the basement wirelessly. The lab router is an extension of the main wireless LAN. This all works OK.

What I want to do is to keep traffic on the lab LAN within itself. I don't want to have all of that traffic routing up to my main router or affecting other devices that live on the main router, unless I am taking lab traffic to the Internet or I am communicating with the lab from a computer on the main router. So lab1 and lab2 devices should be able to talk to each other without impacting PC1 or PC2 that connect to the main router.

I had purchased a Netgear FVS318G to create a whole other segment that I could then route. However, I keep having trouble getting it all to work together.  I can get the devices talking to each other, but not have full routing capability into the main LAN or vice versa. It struck me that perhaps I bought something that's really more complex than I need and perhaps the complexity of the device is messing up what I am trying to do.

So, one question is: is there some way to do this simply? I know that the FVS318G will probably work if I get it configured properly, but it's becoming almost not worth the effort because I think the device has more features than I really need that are complicating my efforts.

Would a smart switch be the answer, or if I just hook a dumb switch to the lab, is that enough? I experimented with a dumb switch this morning and mostly got it to work, but to have full functionality I had to point the gateway of each lab device to the IP of the main router.  In that scenario will the dumb switch keep lab traffic between lab devices within the switch or will it still have to go to the main router and then back again?
Efstratios Arvanitidis

What type of router do you use? I mean for your main subnet (the one with the embedded WiFi access point).
jhyiesla
ASKER

I use Apple Airports across the whole LAN.  The main router is connected to my cable modem with cable and then it's set inside as a router to serve out my internal main LAN. The other Airport is in the basement and connects wirelessly to the main Airport as an extension of the wireless network.  I tried setting the second one as another router, but when I do that, I lose the ability to extend the wireless. So I'm looking for something to put in on the other side to give me the functionality I mention in the original post.
SOLUTION
Efstratios Arvanitidis
This solution is only available to members.
OK, so what you are saying is to remove my main Airport from its current job as router between the ISP and my main LAN and substitute something like a Cisco 861.  Within the 861 I can create separate LAN segments per port, so that port 1 is 192.168.1.0 and port 2 is 192.168.2.0. On port 1 of the 861, I should put some device (I'd probably use an Airport because I want wired and wireless for the main LAN) that will handle the main LAN and would point back to port 1 (192.168.1.1) as its GW.  Then do the same in port 2 with another Airport; extend that Airport wirelessly to the lab and then have a switch to connect everything in the lab to. Since the traffic has already been segmented before I get to the lab, I assume that the switch could just be a dumb switch.
So in essence, I am doing all my routing up front instead of trying to carve out something on the backend.  I have access to an 871; would that work?

I don't suppose there's a web-based interface for configuring that is there?
SOLUTION
This solution is only available to members.
Here's another thought. In this scenario, since I need wireless on my main LAN and I need to have a wireless connection between the router and the basement, I'd have to buy another Airport.  My main Airport would still function to provide wireless on the main LAN and I'd need another one to sit on the router to connect wirelessly to the downstairs. I was wondering if you had any knowledge of Power Line Networking.  If that would work, I could totally eliminate the need for the lab Airports and bring the signal down directly to the lab. I think the downside of this is that the max speed is 100 MB and I'm used to running at GB speeds within the LAN.
There are powerline adapters that provide up to 500MBps links.
The only restriction for the powerline link to work would be that the sender and receiver be connected on AC plugs that are powered by the same AC phase. If this is not the case, either you will not be able to interconnect them or you will have delays and degradation of the signal's quality. Can't you run an Ethernet cable from the router to the lab's switch? This would be the perfect and more reliable solution.
No, unfortunately it's too far away and I'd have to do some work in the wall... which is not worth it for this.
So here's what I did.

I really want to avoid buying another Airport and I think that the Netgear device would have worked if I'd been more knowledgeable about configuring it. So, past my lab Airport I put the Cisco 871. I configured FE0 to have a single IP address that's on the main LAN and that port connects to the lab Airport. Then I configured FE1 to be another VLAN with the IP range of the LAB and that connects to a dumb switch into which the lab devices connect.

I also set up a NAT rule that has the main LAN VLAN designated as the one that can talk to the Internet and the lab LAN connected to it. Now, I can ping from the lab to devices on the main LAN, I can ping from devices on my main LAN to the lab and I can ping between devices on the lab VLAN.  The only thing that isn't working is getting from the lab to the Internet. DNS seems to be working as tracerts will resolve names into IP addresses, but tracing never gets off of the lab LAN.  Any thoughts?
SOLUTION
This solution is only available to members.
OK, sort of got it... but another issue has arisen. I'm not actually using the WAN port on the Cisco 871. I'm just using 2 LAN ports to create the VLANs. What I did that solved the issue with getting to the Internet from the lab was to add a default route pointing to the IP address of the main Airport that connects to the cable modem.  When I do that, I can ping every direction AND get to the Internet from a lab device.

However, I realized that when I ping from the main LAN to the lab, the reply is from the natted IP and NOT the real IP.  I am concerned that if I attempt to access the apps on the lab servers from the main LAN it will fail because of the natting. I removed the NAT statement and now that issue is gone; pinging works in all directions still and pinging from the main LAN now returns the actual IP from the lab side.  However, now my ability to get to the Internet is gone again.
Probably can't have it both ways.  The NAT is probably needed to route the other network all the way out to the Internet, but it may - although I haven't had a chance to test this - keep me from accessing the server apps.  If I have to choose, accessing the server apps is the more important thing.
I did test this and with the NAT statement in place, I can get to the Internet, but I can NOT access apps on the lab servers.  If I remove the NAT statement, my access to lab resources from the main LAN returns, but Internet access is gone from the lab servers.  Oh well...
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I assume this is all done on the 871?
Got it finally.  I kept not seeing in SDM how to do this last part, which was the static NAT address. I did some more digging and discovered that SDM is VERY Java specific and I was using a very new version of Java.  After I loaded in a much older version, all of the edit buttons, which had never worked before, started to work and I was able to do the last step.  So now I can ping all directions, get to the Internet from the lab and get to the apps on the lab server.

Thanx for all your help.