
Separating 2 LANS

  • 19-02-2008 11:27am
    #1
    Registered Users, Registered Users 2 Posts: 25


    I have a setup with 2 LANS.

    LAN 1 has 4 PCs attached and is connected to a Netopia wireless router for broadband.

    LAN 2 has 3 P.Cs connected to a hub and no access to broadband.

    I want to connect LAN 2 to broadband but not allow LAN 2 P.Cs to access
    LAN 1 P.Cs, i.e. I want no communication between two LANs.

    Does anyone know a cost-effective solution to this?
    Is there a router out there (Linksys, Netgear?) that could be configured
    to achieve the separation while allowing broadband access to LAN 2?


Comments

  • Registered Users, Registered Users 2 Posts: 3,423 ✭✭✭Avns1s


    Can't you set them up as 2 separate workgroups with different names?


  • Moderators, Computer Games Moderators, Technology & Internet Moderators, Help & Feedback Category Moderators Posts: 25,763 CMod ✭✭✭✭Spear


    ryanrod wrote: »
    I have a setup with 2 LANS.

    LAN 1 has 4 PCs attached and is connected to a Netopia wireless router for broadband.

    LAN 2 has 3 P.Cs connected to a hub and no access to broadband.

    I want to connect LAN 2 to broadband but not allow LAN 2 P.Cs to access
    LAN 1 P.Cs, i.e. I want no communication between two LANs.

    Does anyone know a cost-effective solution to this?
    Is there a router out there (Linksys, Netgear?) that could be configured
    to achieve the separation while allowing broadband access to LAN 2?

    VLANs.


  • Banned (with Prison Access) Posts: 339 ✭✭mastermind2005


    Gpedit.msc?


  • Registered Users, Registered Users 2 Posts: 2,534 ✭✭✭FruitLover


    The most straightforward way would be to use VLANs, as per Spear's suggestion, but VLANs are not commonly supported on low-end routers. If you can find a cheap router that supports VLANs, great. Otherwise, you could stick a firewall between the two networks and the router, and use that to make sure the two networks can't see each other. This doesn't have to be anything special, you could stick a copy of Smoothwall on an old PC with 3 NICs and it should work fine.
    Avns1s wrote: »
    Can't you set them up as 2 separate workgroups with different names?

    Not secure - just because Windows doesn't put the other machines in the 'Network Neighborhood' doesn't mean they're not accessible (and that's assuming the PCs are running Windows in the first place).
    Gpedit.msc?

    :confused: I don't know how you could achieve secure network separation with group policies, and this is again assuming the PCs are running Windows.
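The firewall-between-the-networks approach from the post above, as an added example that is not part of the thread: a shell function that emits an iptables ruleset for a Linux box with three NICs. Plain iptables is used here in place of Smoothwall, and the interface names (eth0 towards the router, eth1 and eth2 for the two LANs) are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a three-NIC firewall.
# Interface names are assumptions, passed as arguments: WAN LAN1 LAN2.
# Check syntax without applying: gen_rules eth0 eth1 eth2 | iptables-restore --test
# Forwarding must also be on: sysctl -w net.ipv4.ip_forward=1
gen_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_rules WAN LAN1 LAN2" >&2; return 2; }
    wan=$1 lan1=$2 lan2=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall host itself: loopback and replies only.
# Add explicit rules here if it also serves DHCP, DNS or SSH to a LAN.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Separation: log (rate-limited) and drop traffic crossing between the LANs.
-A FORWARD -i $lan1 -o $lan2 -m limit --limit 5/min -j LOG --log-prefix "LAN1->LAN2 drop: "
-A FORWARD -i $lan1 -o $lan2 -j DROP
-A FORWARD -i $lan2 -o $lan1 -m limit --limit 5/min -j LOG --log-prefix "LAN2->LAN1 drop: "
-A FORWARD -i $lan2 -o $lan1 -j DROP
# Broadband: each LAN may open connections towards the router; replies return.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan1 -o $wan -j ACCEPT
-A FORWARD -i $lan2 -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide both LANs behind the firewall's router-side address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}
```

The FORWARD policy is already DROP, so the explicit inter-LAN rules exist to make the separation visible in the ruleset and to leave a log trail when a host on one LAN tries to reach the other.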


  • Closed Accounts Posts: 2,039 ✭✭✭rmacm


    ryanrod wrote: »
    I have a setup with 2 LANS.

    LAN 1 has 4 PCs attached and is connected to a Netopia wireless router for broadband.

    LAN 2 has 3 P.Cs connected to a hub and no access to broadband.

    I want to connect LAN 2 to broadband but not allow LAN 2 P.Cs to access
    LAN 1 P.Cs, i.e. I want no communication between two LANs.

    Does anyone know a cost-effective solution to this?
    Is there a router out there (Linksys, Netgear?) that could be configured
    to achieve the separation while allowing broadband access to LAN 2?

    A switch that supports VLANs would probably be the best way of going about this.
    Gpedit.msc?

    GPedit is for editing group policy objects on a machine. From what I can see it can't be used to do something like this.


  • Registered Users, Registered Users 2 Posts: 25 ryanrod


    Thanks for your suggestions.


    VLANS seem to be the handiest solution.

    Linksys have a range of entry level managed switches supporting VLANS
    the SLM2005-UK looks like the cheapest at e78 incVAT 5 port 10/100/1000.


    I also think Smoothwall is a good option.

    But I would prefer to stick a firewall between LAN2 and the net, block all unnecessary ports and use the firewall for separation of LAN2 from LAN2 and LAN2 from net.
    To this end I am looking for a router/firewall appliance that's cheap and will do the job. I am going to look at ZyXEL P-335 and similar to see if any are up to the job.


  • Registered Users, Registered Users 2 Posts: 2,534 ✭✭✭FruitLover


    rmacm wrote: »
    A switch that supports VLANs would probably be the best way of going about this.

    The router will also need to support VLANs (specifically trunking) unless a) it's a layer3 switch that can do inter-VLAN routing (usually expensive), or b) the router can support multiple internal interfaces on separate networks (e.g. a DMZ port) in which case VLANs are redundant and the existing switches/hubs can be used.


  • Closed Accounts Posts: 1,956 ✭✭✭layke


    Just install Norton Firewall, it'll **** up your network enough so you can't talk to anything :P


  • Registered Users, Registered Users 2 Posts: 105 ✭✭merkuree


    As previously stated, if you decide to use vlans to isolate traffic..

    - you will require some type of layer 3 device to enable communication between the 2 subnets as the use of vlans implies different subnets (even though vlans are a layer 2 technology).

    - In the absence of multiple available ports on the L3 device, you will require a switch that is capable of trunking and a router capable of dot1q encapsulation.

    - If your l3 device has multiple available internal interfaces (and you have multiple hubs), ditch the vlan idea and allocate one network to internal interface on the router and configure separate subnets and static routes.

    If you want a software only, logically separate but non-100%-secure method, use software firewalls on your workstations and limit outbound and inbound access using specific rule sets, based on app or ports.
    Not ideal, but a quick workaround.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    Get a pair of broadband routers with one WAN port and 4 LAN ports each. Connect the WAN ports to your internet connection. So you need three boxes, two you probably have already, the netopia and the switch that LAN2 is using. No VLAN needed.

    Neither network connects directly to broadband
    it's a sort of DMZ / no man's land and the routers stop traffic going from one network to the other


    +
    Netopia----LAN1
    |
    Switch-Broadband=======internet
    |
    +
    NewRouter
    LAN2


  • Registered Users, Registered Users 2 Posts: 2,534 ✭✭✭FruitLover


    It's likely the current Netopia has a DSL WAN interface rather than ethernet though - so he'd need to get two routers with ethernet WAN ports to get that to work (and then you might have funny double-NAT-ing problems). Might as well just get one router that can handle two separate internal networks (or set up an old PC as same)


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    FruitLover wrote:
    Might as well just get one router that can handle two separate internal networks (or set up an old PC as same)
    That would need 3 NICs

    If the netopia is ADSL then have each of the LANs on a separate router and have the wan ports connecting to the netopia.

    clients connecting to the netopia won't be able to see either LAN - so a second wireless AP might be needed.

    Note: both LANs could appear on the same subnet if you use router defaults, but are separate, changing one subnet will avoid human confusion


  • Registered Users, Registered Users 2 Posts: 25 ryanrod


    Ok

    What I actually did.

    Got Netgear RP614 with SPI firewall.

    Connected as below.

    LAN1(hub) ----> (LAN port)Netopia(WAN port) ----> Internet
    (192.168.10.x).........................../\
    ................................................|
    ................................................|________________
    ..........................................................................|
    LAN2(Switch) ----> (LAN port)Netgear RP614(Wan port)
    (192.168.1.x)

    Blocked all necessary ports on RP614. Installed and working.

    I decided on appliance because cheap and can be replaced easily with
    no complications if any probs in the future.

