Avatar of Amber Bruelemans
Amber Bruelemans
Flag for Belgium asked on

Which networking switch i can buy which can allow me this following setup?

I have from Belgium ISP Telenet fibernet package. Now: ISP offer 8 Public IP but there setup has to be as below:

WAN IP: 212.x.x.2
and LAN IP: 82.x.x.1 <-- those are my 8 public ip subnet
static route: 0.0.0.0 0.0.0.0 212.x.x..

But many routers do not have this feature i found Draytek Vigor 2900 (EASY to USE with Web interface) and they had WAN ALIAS which works and allow without doing NAT or DMZ transparent Public IP's.

The only biggest problem with DrayTek Vigor 2900 router is that it get daily after 2 or 4 hours later frozen or slow down the whole intranet / internet as a result i want to stop using it and there support department still not fixing those BUGS.

I have used Juniper/Cisco routers too but they are very time consuming + difficult to maintain + very hard to quickly solve a problem when its complicated because its not friendly for normal users.

So my question is now. Can you please advise instead of ROUTER is there no hardware SWITCH only??? Which does no firewall/ no nat / no ip tables nothing but allow the ISP 8 public IP and 1 WAN setup like Telenet ISP offering? Then i can maintain my ip tables myself in Linux and get quality IP traffic via SWITCH (instead of wasting time and getting frustrated having routers to build more complication)


Please advise such switch feature which offer the ISP requirements so that a switch i can use instead of router to achieve the same goal.
BroadbandTelecommunicationsNetworking

Avatar of undefined
Last Comment
noci

8/22/2022 - Mon
Phonebuff

I would advise against that -- In today's world you nee the protection and support of a good Firewall / router to protect your network and devices.  

You might want to look at the pfSense firewall project --  Easier and cleaner interface.  

https://www.pfsense.org/

================
jlevie

A plain switch will do this, but you will be limited to 8 nodes on the network and each node must be configured for with one of the public IP/netmask and default gateway. You also will not have a firewall except what is on each machine.

Much better to place a firewall/router between the world and your local network.
noci

look into routers, lots of CPE can handle this.
I have good experience with ZyWall (from Zyxel).

Easy to setup & maintain
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Amber Bruelemans

ASKER
@jlevie: A Plain SWITCH will do this. but you mentioned to use each port configured public IP/netmask, but normal SWITCH does not have such setup. Which Brand do you recommend please where i can do exactly some configuration you are telling.

(i understand the security/risk etc etc involved, but i am Multimedia person and i do not need security/risk making quality damaged, so i will manage the security not via ROUTER but from OS other way around)


Should i then take ZyWall SWITCH ? or some other SWITCH? what exactly the SWITCH need to have in there specs which you mentioned i can do.
jlevie

None of the configuration is done on the switch. All configuration is done on the nodes (computers) that connect to the switch.
noci

No Zywall is not a switch it is a router.  if you want performance up to 200Mbps look into a zywall 100/200 if you need less
a zywall 20 may be sufficient.

In network sense a switch is like a connector putting together many connections on one box. if works on the MAC layer. (layer 2).
Internet needs some routing function, that is network layer 3 and up.

And if you put a system directly on the internet, i hope you hardened it first . Seriously hardened it.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Amber Bruelemans

ASKER
@noci: OK thank you. I will look for it, i found interesting the SWITCH method even its not safe but that provides co-location like internet access which right now i need, cause my node (computer) i have my own iptables/firewall/filtering/packets tracing etc. So i really do not need external hardware slowing down the packets arrival to the node.

@jlevie: OK thank you. node/computers will be doing the iptables/firewall/packets filtering tracing etc etc i understand. But what i am not understanding is that my ISP want me to configure following:

Uw technische gegevens zijn:
WAN route
213.xx.xx.52/30
LAN route
82.xx.xx.6/29
Telenet IP address (WAN-tunnel)
213.xx.xx.53
Europe IP address (WAN-tunnel)
213.xx.xx.54
 
They suggested sample config:

interface GigabitEthernet0
description ### WAN ###
ip address 213.xxxxx54 255.255.255.252
duplex auto
speed auto
service-policy output SHAPE
!

interface Vlan1
description ### LAN - this is your 8 public IP;s ###
ip address 82.xxxxx7 255.255.255.248
!

# this is for OUTgoing
ip route 0.0.0.0 0.0.0.0 213.xxxxxx53

Question: where is the INCOMING rule? i assume we have to use DMZ or NAT again??
then we are losing quality of packets transfer so i want to avoid ROUTER and NAT

1) Now with Juniper i have done this, but the problem is i do not want to do those thing with ROUTER, because i am setting a Co-location like internet in my place, where i need those 8 Public IP;s completely router less. So that i can manage t hem in NODE

2) How can  i setup it with SWITCH (but not with ROUTER)


Please suggest, so that ROUTER is completely not involved
noci

The network between you and your provider is the 213...52/30 network with the 52 address as the network address, the 55 as the broadcast address and your end the 54 address and your provider the 53 addres.


You need to send ALL traffic destined for the internet to the .53 address.
Your provider will send all 82.xx.xx.6/29 (8 addresses) to YOU.
That's where the routing comes in you need some equipment the has 213...54 as it OWN address and will forward the 82...6/29
(btw, are you sure it is 6?)  to some other device.
With a  router with a public address ...54 you can get ALL 8 addresses forwarded to another device
With a switch well you will need something to get a MAC address for those IP addresses.
NAT you can avoid, routing i very much doubt it.
Amber Bruelemans

ASKER
@noci: Thank you. Please correct me if i am wrong

1) i connect my main ISP cable to a SWITCH (which model, which brand does those feature offers do not know please recommend)

2) now in SWITCH how can i tell use interface 1 (port 1) as WAN tunnel (213...54),
all the other 8 interface (remaining ports) as public IP ( 82...6/29)

3) everything from 82...6/29 to outside and inside should represent public IP as 82...6/29
not 213...54

* no NAT should be used that is a horrible for multi-media

Can you please suggest which SWITCH can do this or what does those features called in SWITCH?
Then i will buy one and test it.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Phonebuff

Okay, I am going to post here one more time..  

    You CAN NOT DO THIS WITH A SWITCH, EVERYONE HAS TOLD YOU THAT...

     If you don't want NAT, or a Firewall just put a Router at your Demark of the ISP.

     But if your ISP is giving you the a 213..... an you are using a 82.......  

     Then someone somewhere has to be assigning and pushing the routes through your "ROUTER"..
jlevie

The information (and suggested config) from your Telcom provider causes me to have to retract what I said about using a simple switch. That simply won't work. You must have a router to make this connection. The suggested config looks like that for a Cisco router or perhaps a Layer3 switch (which is a router/switch). The smart way to do this is to ask your provider for their recommendation for the router. By using hardware that they recommend you have eased the support situation

"Question: where is the INCOMING rule? i assume we have to use DMZ or NAT again??" there is no need for an incoming rule. That is handled by the router at your provider. Locally you just have to tell the router where to send non-local traffic (default route). NAT is not needed.
ASKER CERTIFIED SOLUTION
noci

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question