DanielT (Canada) asked:

Subnet for Private IP address Network Range?

Not being a network guru at all, my question is best left to those of you who are...  :))

I have a simple /24 network (an even simpler diagram is attached) for a small site that also incorporates a server (Win2008R2) for AD, DHCP, DNS, file, print and email services. All is fine except I'd like to have a Wireless device (home/smb grade) provide an independent set of IP addresses for only the wireless clients (see attached in red).

This would be easy for a router that is acting as the DHCP server and has a Guest network option but this is not the case and is not possible here due to the server.

If subnetting would work (assume IPv4) - how would I need to configure/reconfigure existing clients and/or a router/wap to separate the IP address ranges? I can figure out the IP mask and all that - just unsure of how (or if) network traffic flow would be as desired and how/if I can have a single wireless device dedicated to a limited IP range.

Hope this is clear enough!
SimpleMap.jpg
SOLUTION
Bryant Schaper
This solution is only available to members.
DanielT (ASKER)

Being as the switch is a Cisco, I presume that is supported but have not needed to do that before so I'll have to look further there (thanks).

The routers are low end home-class devices (D-Link, TP-Link) and there's no budget to change/add anything. If I run DHCP on the router it will conflict with Windows Server DHCP. Even if I separate IP ranges, how would IP addressing be controlled so that only the wireless device connections (actually - also a second switch away from the Cisco) would give out a limited IP range, separate from the main network?

Essentially what is needed is similar to the home router "guest" network feature that assigns a separate IP address range for internet only access.

Again - not sure if I am making sense but hope this is clearer.
The problem you run into is that you can only have one subnet per LAN. The 2950 does not have any layer 3 functions, so if you create two VLANs, it cannot route between them, and will send the other VLAN to the router. But the D-Link has to support either multiple VLANs or sub-interfaces.
What is the D-Link model, out of curiosity?
What are you trying to do, completely isolate the network for Wireless clients? Home Routers have Guest features by default.

If you want to have a different ip address scheme you need to do the following...
- create new vlan (for wireless)
- Allow vlans to route between each other
- add a dhcp helper address on the Wireless vlan associated with your DHCP server on your default vlan
- create a new DHCP scope on the DHCP server for the new IP scheme

Personally what I would do is just setup the wireless devices and extend your current IP scheme from /24 to /23 (255.255.254.0) and create a range for wireless devices say i.e. LAN = (192.168.0.1 - 192.168.0.255)  Wireless (192.168.1.0 - 192.168.1.254)

The new IP scheme would provide 512 available hosts rather than 256. Well 510 respectively .0 for network and .255 for broadcast.

Will.
SOLUTION
This solution is only available to members.
DanielT (ASKER)

Bryant
Front end is D-Link DIR655
TP-Link is (I think) a WR642G (desired location for an isolated IP pool)

Will
Completely isolate the network for wireless clients? Yes - but for only one (of three) wireless devices (or the addition of a 2nd DIR655 {an existing spare}). The device desired to provide independent addresses is an extension of the current network (192.168.0.0) and is wired through a 24port D-Link switch that connects to the Cisco.

It seems I need to look further into VLANs and your comment regarding "DHCP helper" address. I was hoping it may be simpler. But even if the Cisco was setup to create a VLAN ( knowing as much as I don't :) ) I would suspect that all devices on that network segment and beyond supplied by the Cisco ports would be part of that VLAN would they not?

-----

The easiest option would definitely have been to use the main router's guest network feature (DIR655) but it will not work without the device also being the DHCP server to assign addresses.

Perhaps a dumb question but - can a home router simply use its WAN port to connect to the current internal network (192.168.0.x) and then be configured using its own DHCP server to assign addresses to clients (such as 192.168.1.x) and be able to route only internet traffic? If even possible, how would the WAN port need to be setup?
DanielT (ASKER)

tmoore
I have heard of Cisco Meraki devices but have not used them. I believe that Meraki and Aruba would both involve hardware and/or subscription costs though.
Unfortunately not an option - at least at this point.
"can a home router simply use its WAN port to connect to the current internal network (192.168.0.x) and then be configured using its own DHCP server to assign addresses to clients"

I do not believe that will work. With a home router you are going to hit walls when you are trying to implement solutions. Home gear is at low cost because it doesn't have all of the features that Enterprise/Business class hardware does.

And if you require 2 different VLANs and you want to use the server on the opposing VLAN, you have to use a helper address because DHCP broadcasts from clients do not go across VLANs. Which is why you need the helper to point the clients to the proper server on a different network.

Will.
DanielT (ASKER)

Well - if nothing else - all of this explains why I was having trouble getting it straight in my head! :))

Seems that it will not be possible without an investment in hardware, reconfiguration or both. I had already modified my simple diagram earlier so I've included it anyway just for a little better clarity.

But I do have a better understanding so thanks to all.
I will leave question open a bit longer before I wrap it up.
SimpleMap2.jpg
SOLUTION
This solution is only available to members.
I don't think that would work, the router will not know of the two subnets unless you can sub interface it.

Now I can think of another messy solution: set up VLANs on the 2950, assign the D-Link switch to an access port on the new VLAN, and the port for the server should trunk both VLANs. Assuming the server supports VLANs on the network card, it could act as a DHCP server and internet gateway for the wireless network. The negative is that all traffic from the wireless will hit the server, then out to the internet. Again, I said very messy.
DanielT (ASKER)

vivigatt
Interesting. I was wondering if this would work.

If I understand... (this may be way off base)

Do you mean connect the WAN port of the router to the office LAN (eg 192.168.1.0/24) and configure the router to use its own DHCP service to provide wireless IP addresses (eg 192.168.1.0/24)? Would internet traffic flow through to wireless clients?

I would prefer to use static setup so assuming that.

Does this make any sense for the WAN port config...
IP Address: 192.168.0.60
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
Primary DNS: 8.8.8.8
Secondary DNS: 8.8.4.4
OR
should DNS use the server's DNS address vs Google?
The device would only supply wireless with no wired clients.
Internal DHCP would be used to give out addresses such as 192.168.1.0/24
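
Added example, not part of the original thread: a Python check of the two addressing plans discussed above, the /23 extension and the router-behind-router WAN settings posted here, showing which one puts a routing boundary between wireless clients and the office LAN and what the inner router would have to refuse to forward for internet-only access. Function names and the sample hosts (192.168.0.50, 192.168.1.50, and an internal DNS server at 192.168.0.10) are constructed for illustration.

```python
import ipaddress as ip

def on_link(a, b, prefix):
    """True if hosts a and b share a subnet at this prefix length, i.e. they
    talk directly at layer 2 with no router or filter between them."""
    return (ip.ip_interface(f"{a}/{prefix}").network
            == ip.ip_interface(f"{b}/{prefix}").network)

def check_plan(wan_ip, wan_mask, gateway, inner_cidr):
    """Sanity-check a router-behind-router plan; return a list of problems."""
    wan = ip.ip_interface(f"{wan_ip}/{wan_mask}")
    inner = ip.ip_network(inner_cidr)
    problems = []
    if ip.ip_address(gateway) not in wan.network:
        problems.append("default gateway is not on the WAN subnet")
    if wan.ip in (wan.network.network_address, wan.network.broadcast_address):
        problems.append("WAN address is the network or broadcast address")
    if inner.overlaps(wan.network):
        problems.append("inner DHCP range overlaps the office LAN")
    return problems

def deny_blocks(office_cidr, exceptions=()):
    """CIDR blocks the inner router must refuse to forward to for
    internet-only access: the office LAN minus any host deliberately left
    reachable (for example an internal DNS server)."""
    blocks = [ip.ip_network(office_cidr)]
    for host in exceptions:
        h = ip.ip_network(f"{host}/32")
        blocks = [piece for b in blocks
                  for piece in (b.address_exclude(h) if h.subnet_of(b) else [b])]
    return sorted(blocks)

if __name__ == "__main__":
    # /23 extension: a LAN host and a "wireless range" host are still on-link.
    print(on_link("192.168.0.50", "192.168.1.50", 23))   # one broadcast domain
    print(on_link("192.168.0.50", "192.168.1.50", 24))   # separate subnets
    # WAN settings as posted in the thread, inner range 192.168.1.0/24.
    print(check_plan("192.168.0.60", "255.255.255.0", "192.168.0.1",
                     "192.168.1.0/24"))
    # Public DNS: one deny rule. Internal DNS at 192.168.0.10 (constructed
    # address, not from the thread): the hole splits the rule into 8 blocks.
    print(deny_blocks("192.168.0.0/24"))
    print(deny_blocks("192.168.0.0/24", ["192.168.0.10"]))
```

Pointing wireless clients at public DNS keeps the deny rule to a single block for the whole office LAN; using the server's DNS means leaving that one host reachable from the wireless side.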
DanielT (ASKER)

bryant
Thanks for sticking with this. When you mentioned a VLAN I was thinking basically of what you are saying (as best as I can follow <grin>). But this would require separate CAT5 line to intended wireless router as well as switch reconfiguration and server setup. Although that would actually all be possible it would use a spare line for an otherwise critical line (feeds a 24 port switch).

One fuzzy thing - you mentioned all traffic would flow back to server - is that because the server would be handling routing between the two?? Would the switch not do that?

tmoore1962
I have checked into the Aruba devices a bit (Instant 205/103) and like what I have seen. They also seem to be more "independent" than the Cisco solution if I understand the vendor. Too bad it's not in their budget as it seems as though it should be an easy implementation.
DanielT (ASKER)

See attached regarding
2015-01-30 at 20:57:20
ID: 40580993

Just a sample...
SimpleMap3.jpg
Yes, the server would act as a router/gateway.  That is why all traffic flows back, is the DLINK a managed switch?  The Cisco 2950 is layer 2, and does not support layer 3 functions, inter-vlan routing is a layer 3 function.

So it falls back to the server or router as a potential configuration point.  If it were me, I would seriously look into replacing the router, you can normally get cheap cisco routers on ebay, I think I picked up a 2811 a year ago for under $200.  Old technology but has the features you need.  

Sticky point is that dlink and what it supports.
DanielT (ASKER)

Thanks Bryant!

I believe I have a solution using an existing dLink DIR655 - essentially as per my last post - but will explain further shortly...
ASKER CERTIFIED SOLUTION
This solution is only available to members.
DanielT (ASKER)

Appreciate all who helped.
This was tough to assign for because I believe there were good suggestions if it were not for the rather restrictive (ie: $0) budget!

I marked my own entry as best solution because it provided exactly what was needed. It was most similar to [vivigatt]'s but that post did not - on its own - provide isolation but instead routed between the networks and did not provide isolation. Assistance from [Bryant Schaper] was awesome with good suggestions for bigger budgets as was [tmoore1962]'s suggestion for which I liked the Aruba solutions. Had checked into them but they were also too costly.

Thanks to all!