small, multi network, problem

Last Modified: 2016-12-10
ISP provides 13 static WAN IPs in location A. The nature of the ISP's endpoint equipment is, if a device with one of the static IPs is connected, it works. If a device requests an IP via DHCP, they issue an address via DHCP, on their own IP address. This DHCP server cannot be disabled. Previous endpoint equipment had a port with no DHCP. At location A, we have two physical networks, and two routers, each using one static WAN address. One for our business (172. IPs) and one for customer network.
There is a wireless bridge between location A and location B. At location B, we distribute to 5 more locations wirelessly, but each of those has a static IP from the range, with their own router. We also have the main internal server for our business, at location B.
We have a network cable from the 172. network, and from the port on the ISP endpoint, in a switch that is also connected to the wireless link to location B, thus providing WAN IPs and 172. IPs for the business equipment. However, that makes two DHCP servers on the same network, and after a few days, it all collapses. Previously, I had hooked up a small Mikrotik device, in the line coming from the ISP equipment, that blocked DHCP offers, and that worked, but it seemed not "snappy" for lack of a more technical description. That box died the other day, so now the problem is back, and I would like to make it as efficient as possible, without spending a fortune. I need advice on whether to just go back to blocking the undesired DHCP server, or use VLANs somehow (I have switches to support that, but am unsure how to best use them), or put another router at location B, and then VPN back to location A for business network. Or a better, simpler solution...

Bill Bach, President and Btrieve Guru
CERTIFIED EXPERT

Commented:
I would NEVER recommend connecting ANY servers or workstations directly up to an ISP's network like this!  With all of the malware running around, this is pure madness!

What you REALLY need is a firewall (with DMZ support) at the network edge.  The firewall would NAT off all of the internal machines to help protect them (and provide internal DNS/DHCP if needed), and then you can place public-facing servers in the separate DMZ where they can be isolated from the inside of the network and somewhat protected.

I confess that I did not understand much of the rest of your text, as it starts getting a bit hard to read after a while.  If you need a more complete recommendation, I would first recommend that you draw up a simple diagram of your network and then take a snapshot of it from a digital camera or cellphone -- then post the picture.  The increase in readability will be dramatic.

Author

Commented:
Gentlemen,
I appreciate your comments. I will work on a drawing to post, so it is more obvious what I am trying to describe. I found a network switch in my stock that will block DHCP, so I implemented it, and the immediate emergency is over. I do want to improve the network, so I will repost with more complete information later. Thanks.
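
The thread's underlying problem is a second DHCP server answering on the same layer-2 segment. The following is an added example, not code from any poster: a Python check that parses captured DHCP reply payloads and lists any server identifier (option 54) that is not on an allow-list. The addresses, the `build_reply` helper and the sample packets are constructed assumptions.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5             # option 53 values that only servers send

def parse_dhcp(payload):
    """Return (msg_type, server_id) from a BOOTP/DHCP UDP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                    # truncated option
            return None
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = ipaddress.IPv4Address(value)
        i += 2 + length
    return msg_type, server_id

def rogue_servers(payloads, allowed):
    """Server identifiers in OFFER/ACK replies that are not on the allow-list."""
    allowed = {ipaddress.IPv4Address(a) for a in allowed}
    found = set()
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed and parsed[0] in (OFFER, ACK) and parsed[1] is not None and parsed[1] not in allowed:
            found.add(parsed[1])
    return sorted(found)

def build_reply(msg_type, server):
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    header = bytes([2]) + bytes(235)                # op = BOOTREPLY, rest zeroed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return header + MAGIC + opts + b"\xff"

# Constructed traffic: 172.16.0.1 is an assumed business DHCP server; 203.0.113.1
# stands in for the ISP endpoint answering on the same layer-2 segment.
SAMPLES = [build_reply(OFFER, "172.16.0.1"), build_reply(OFFER, "203.0.113.1"),
           build_reply(ACK, "203.0.113.1")]
```

Feeding it the UDP payloads of port 67/68 traffic captured on the shared switch shows whether the blocking device is actually keeping the unwanted server's replies off the business segment.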