Properly isolating subnets

Oct 16, 1999
10,490
4
0
I need to isolate an access point from the rest of the intranet. I have three routers.

If I use them in a serial connection

C->B->A->WAN

even if each has different IP range

C=192.168.3.x, B=192.168.2.x, A=192.168.1.x

C can access B's computers, B can access A's computers, but not the reverse, correct?


If I use them in a Y configuration with C & B parallel with those same IP ranges

C->A->WAN
B->^

C & B cannot access each other's computers
A cannot access C & B's computers
but both C & B can access A's computers. Is this correct?
 

imagoon

Diamond Member
Feb 19, 2003
5,199
0
0
If you are talking about using "NAT" and not routers, then yes, that is correct, but with dual and triple NAT you have a nightmare in the making. Basically you will have connectivity issues and will break quite a few protocols.

The correct solution will likely be a rules based firewall. You may be able to cheat and use the "guest" feature on some of the cheaper routers.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,480
387
126
If the Wireless is on the Source Router and the rest of the network is behind one additional Router, the Wireless cannot access the Network and opening might be feasible. ( http://www.ezlan.net/shield.html )

Otherwise get a Wireless Router that has a configuration for Wireless Guest account, or Wireless isolation.


 

robmurphy

Senior member
Feb 16, 2007
376
0
0
Some of the newer Draytek Vigors will allow you to have multiple subnets on the LAN ports. The LAN ports can be separated using the VLAN config on the router so the network connected to port 1 has no connection to ports 2 & 3, but can connect to the network on Port 4. So you could have 3 separate subnets on ports 1, 2, and 3, and they would all be isolated from each other, but could all access the subnet on port 4.

I know this works on the 2850, and think it probably works on the 2830 as well. It's not on the 2820.

These units are more expensive than the home based routers, but are aimed at business users.

Rob.
 

mammador

Platinum Member
Dec 9, 2010
2,128
1
76
Maybe use VLANs.

To have all those nodes on the same LAN is too large a broadcast domain.
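
The reachability discussed in this thread for the serial and Y layouts, and the placement where the wireless sits on the source router, can be checked with a small model. This is an added example, not code from any poster; it assumes each router does default consumer NAT (outbound allowed, unsolicited inbound dropped, no port forwards, no static routes), and the function names are hypothetical.

```python
# Added illustration: cascaded NAT routers A, B, C from the thread.
# Each map gives a router's upstream neighbour (None = connects to WAN).
SERIAL = {"A": None, "B": "A", "C": "B"}   # C->B->A->WAN
Y_CONF = {"A": None, "B": "A", "C": "A"}   # C->A->WAN with B->A in parallel


def outbound_path(router, upstream):
    """Routers a packet from `router`'s LAN passes through on its way to the WAN."""
    chain = []
    while router is not None:
        chain.append(router)
        router = upstream[router]
    return chain


def can_initiate(src, dst, upstream):
    """True if a host on src's LAN can open a connection to a host on dst's LAN.

    Under the assumed NAT behaviour a LAN is only reachable from LANs
    downstream of it: traffic follows default routes upward, and nothing
    unsolicited is forwarded back down through a NAT.
    """
    return src != dst and dst in outbound_path(src, upstream)


def reachability(upstream):
    """All (source LAN, destination LAN) pairs where a connection can be opened."""
    return {(s, d) for s in upstream for d in upstream
            if can_initiate(s, d, upstream)}


def ap_is_isolated(ap_router, trusted, upstream):
    """True if hosts on the access point's LAN cannot reach any trusted LAN."""
    return not any(can_initiate(ap_router, t, upstream) for t in trusted)


if __name__ == "__main__":
    print("serial:", sorted(reachability(SERIAL)))
    print("Y     :", sorted(reachability(Y_CONF)))
    # Access point on the innermost router: it can still reach A and B.
    print("AP on C, intranet on A+B:", ap_is_isolated("C", ["A", "B"], SERIAL))
    # Access point on the source router, intranet behind a second router.
    print("AP on A, intranet on B  :", ap_is_isolated("A", ["B"], SERIAL))
```

Under these assumptions the isolation only holds in one direction, so the untrusted access point has to sit on the upstream router and the intranet behind the downstream one, not the other way round.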
 