Solved

Network Help

Posted on 2013-12-07
12
49 Views
Last Modified: 2016-06-02
Please check attachment.

I need help in OFFICE 1 connection and configuration.

Office 1 pcs have lan and wireless adapters.
Pcs are connected to HP 1410 switch via ethernet cards to access file servers. Ips are shown in diagram.
Wlan adapters access internet from ZyXEL N4100 through DHCP.

I want to remove all wireless adapters from pcs in office1 and use the Network card to both access the file servers and internet.  How can i do that?  What configuration i should do?

What IPs should i use.  And is there a special connection that i need to do to connect n4100 with the HP switch.

Yet have my network secure from guests who access internet from rooms and lobby via N4100.  Gateway has layer 2.

What is the best configurations to do here.

My network
0
Comment
Question by:waow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 27

Expert Comment

by:Steve
ID: 39704323
Bit of a complicated one really.

The simple answer is yes. All you really need to get internet access on the wired lan is to create a valid default gateway on the subnet in office1 with the servers on.
As your setup is a little overcomplicated the question us how to do this....

It would probably help if you could explain the reasons for the current setup?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39704357
Which ports are your 'office' switches connected to on the N4100?
0
 

Author Comment

by:waow
ID: 39704687
Hi totallytonto,

This setup is for a hotel.

ORIGINALLY
Office 1, is the front desk and the back office where we have 6 pcs wired to an HP switch to two servers.  This network uses 172.16.20.xx

Office 2, is the reservation office, it was working independently .. so they had there own wireless LAN between its 7 pcs and they print to there own network printer.

We had The D-Link router that used to supply internet wirelessly to office 1 and office 2 and to guests in rooms and lobby.

BUT WE FACED A BIG PROBLEM THAT THE ADSL2 ROUTER WAS LIMITED TO 16 IPS, HENCE ONLY 16 COMPUTERS USED TO ACCESS INTERNET!!!

SOLUTION
We bought the ZyXEL N4100 gateway that can give us up to 200 IPs/Users.  We also bought ZyXEL PoE switch and PoE access points.

So the N4100 comes before the D-Link Router as shown in diagram.

And I suggested to connect the HP switch to the to one of the 4 ports of the N4100.  Like this Office 1 pcs can access internet using the Ethernet card via the switch and i can remove all wireless LAN cards.

But like this the IPs of all office 1 need to be like those of gateway 192.168.1.xx and like those of guests who access internet wirelessly.  Doing so i got internet but i failed to connect to file servers ... although they were is same subnet and ip range .. it seems like connecting HP switch to gateway made the newtork sometimes work and sometimes not work

So i dont know about security.

So any other setup is welcome that will ensure seperating our computers office 1 and office 2 from the guests

thanks
0
Are Your IoT Devices Out to Get You?

IoT business is booming, with manufacturers connecting any and every “thing” to the Internet. But as pressure grows to release new products faster and faster, we’re all left to wonder: is security a priority? Join our webinar on June 29th for the answer.

 

Author Comment

by:waow
ID: 39704688
Hi craigbeck,

Port 16 of the HP switch is connected to 4th and last port of the N4100

thanks
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39704710
The N4100 uses two Public ports for guests to connect to the internet via the hotspot service, and two Private ports for your own internal network which doesn't use the hotspot service.

I notice though that your corporate switch has guest access points connected to it.  This is a bad idea as it means your guests can 'see' the corporate network and either:

1] Guests and office users need to use the hotspot, or
2] No one uses the hotspot

I would suggest using an extra switch here to allow you to VLAN your networks effectively, and maybe a bit of routing for each office.  Essentially though...

You should plug one public and one private port into a new switch, and configure different VLANs for each link - let's say VLAN1 for guests and VLAN2 for office.  Port 1 on the new switch would link to the public port on the N4100 and the private port on the N4100 would connect to port 2 on the new switch.  On the new switch port 1 would be in VLAN1 and port 2 would be in VLAN2.

Then, you link your existing switches to the new switch via tagged ports.  You would tag VLAN1 and VLAN2 on the link between the switches to allow both office and guest traffic to come to the N4100.

The ports where APs connect for the guest service would be in VLAN1.  Ports where office devices or servers connect would be on VLAN2.

Make sense?

If you want office1 and office2 to be on different subnets you need a separate router for each office.  You'd need to configure RIP on all 3 routers (the N4100, and each office router) if you want routing to be dynamic, or you can configure static routes.  That's a bit more complicated though.
0
 

Author Comment

by:waow
ID: 39704854
craigbeck,

ALTHOUGH I DIDNT UNDERSTAND MUCH OF WHAT U SAID :)

but i think i got this...

instead of connecting hp switch to n4100 gateway as in diagram, i connect it to PoE managed switch... and this port can be vlan1 and the other ports of the poe are vlan2.. isnt it same as what u r saying
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39704871
Kind of...

Although you might be able to do it without an additional switch - it depends how the offices and guest APs are connected.

If you can connect two links to the switch on the right of the diagram you can do the VLAN tagging there.

Office1 is nice and easy - just connect the switch to a private port on the N4100.

Office2 connects to the switch, then uses a link to a private port on the N4100 via VLAN2 on the switch.

The guest APs connect to the switch on VLAN1 and link to the N4100 public port via a link on VLAN1.


I would still go with routing though, but that's a bit more advanced as I said earlier.
0
 

Author Comment

by:waow
ID: 39704915
craigbeck,

If you can connect two links to the switch on the right of the diagram you can do the VLAN tagging there.

U mean the PoE on the right diagram?  I have empty ports there.

two links
which 2 links, from where they will come

Office1 is nice and easy - just connect the switch to a private port on the N4100.
how to make the port private on the n4100?
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 39704947
It sounds like you could use some VLANS and, maybe, some networking lessons.
Basically, you want to separate your network traffic into "private" (office) and "guests" (rooms/lobby).
You can do that with 2 VLANs, one private and one guest, and not route packets between both VLANs so that they are isolated one from the other.

But it can even be simpler:
Assuming that guests will connect with WiFi only and office users with Wifi and wired ,  create a Guest WiFi only network and another Wifi/Wired only network. You need 2 WifI-gateways, one for Guest, one for Office, both being connected to your DSL/Cable router. Then, use cables from both "root" gateways to create your networks.
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39706820
Waow - ignore me!! I was talking about the G4100, not the N4100.

The easiest bet is to use separate switches if you're not too network-savvy.  Use the N4100 purely for your guest service and use a different router to connect your offices to the internet, and to each other.

You'll also find that's a lot more secure :-)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question