GCITech
 asked on

small, multi network, problem

ISP provides 13 static WAN IPs in location A. The nature of the ISP's endpoint equipment is, if a device with one of the static IPs is connected, it works. If a device requests an IP via DHCP, they issue an address via DHCP, on their own IP address. This DHCP server cannot be disabled. Previous endpoint equipment had a port with no DHCP. At location A, we have two physical networks, and two routers, each using one static WAN address. One for our business (172. IPs) and one for customer network.
There is a wireless bridge between location A and location B. At location B, we distribute to 5 more locations wirelessly, but each of those has a static IP from the range, with their own router. We also have the main internal server for our business, at location B.
We have a network cable from the 172. network, and from the port on the ISP endpoint, in a switch that is also connected to the wireless link to location B, thus providing WAN IPs and 172. IPs for the business equipment. However, that makes two DHCP servers on the same network, and after a few days, it all collapses. Previously, I had hooked up a small Mikrotik device, in the line coming from the ISP equipment, that blocked DHCP offers, and that worked, but it seemed not "snappy" for lack of a more technical description. That box died the other day, so now the problem is back, and I would like to make it as efficient as possible, without spending a fortune. I need advice on whether to just go back to blocking the undesired DHCP server, or use VLANs somehow (I have switches to support that, but am unsure how to best use them), or put another router at location B, and then VPN back to location A for business network. Or a better, simpler solution...
Networking, Networking Hardware-Other, Routers, DHCP


8/22/2022 - Mon
Bill Bach

I would NEVER recommend connecting ANY servers or workstations directly up to an ISP's network like this!  With all of the malware running around, this is pure madness!

What you REALLY need is a firewall (with DMZ support) at the network edge.  The firewall would NAT off all of the internal machines to help protect them (and provide internal DNS/DHCP if needed), and then you can place public-facing servers in the separate DMZ where they can be isolated from the inside of the network and somewhat protected.

I confess that I did not understand much of the rest of your text, as it starts getting a bit hard to read after a while.  If you need a more complete recommendation, I would first recommend that you draw up a simple diagram of your network and then take a snapshot of it from a digital camera or cellphone -- then post the picture.  The increase in readability will be dramatic.
ASKER CERTIFIED SOLUTION
masnrock

GCITech

ASKER
Gentlemen,
I appreciate your comments. I will work on a drawing to post, so it is more obvious what I am trying to describe. I found a network switch in my stock that will block DHCP, so I implemented it, and the immediate emergency is over. I do want to improve the network, so I will repost with more complete information later. Thanks.
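
The check a DHCP-blocking switch or filter applies to the two-server problem described in this thread, as an added example that is not part of the original posts: parse each DHCP reply and flag any OFFER or ACK whose server identifier (option 54) is not an approved server. The function names and both addresses are assumptions made for the example; the packets are constructed in code so it runs offline.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OFFER, ACK = 2, 5                    # option 53 values sent by servers

def parse_dhcp(payload):
    """Return (message_type, server_id, offered_ip) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    offered_ip = ipaddress.IPv4Address(payload[16:20])   # yiaddr field
    msg_type = server_id = None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # end option
            break
        if code == 0:                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = ipaddress.IPv4Address(value)
        i += 2 + length
    return msg_type, server_id, offered_ip

def is_rogue_reply(payload, allowed_servers):
    """True for an OFFER/ACK whose server identifier is not on the allow list."""
    msg_type, server_id, _ = parse_dhcp(payload)
    return msg_type in (OFFER, ACK) and server_id not in allowed_servers

def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample packet (BOOTREPLY) for exercising the parser offline."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    hdr += bytes(4) + ipaddress.IPv4Address(offered_ip).packed + bytes(8)
    hdr += bytes(16 + 64 + 128)      # chaddr, sname, file left empty
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return hdr + MAGIC_COOKIE + opts + b"\xff"

# Constructed addresses: 172.16.0.1 stands in for the business router,
# 203.0.113.1 for the ISP equipment's built-in DHCP server.
ALLOWED = {ipaddress.IPv4Address("172.16.0.1")}
```

Fed the UDP port 67/68 payloads from a capture on the shared segment, `is_rogue_reply` identifies which replies come from the unwanted server before a filter or VLAN change is put in place.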