• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Properly isolating subnets

G

Gonad the Barbarian

Lifer
I need to isolate an access point from the rest of the intranet. I have three routers.

If I use them in a serial connection

C->B->A->WAN

even if each has different IP range

C=192.168.3.x, B=192.168.2.x, A=192.168.1.x

C can access B's computers, B can access A's computers, but not the reverse, correct?


If I use them in a Y configuration with C & B parallel with those same IP ranges

C->A->WAN
B->^

C & B cannot access each others computers
A cannot access C & B's computers
but both C & B can access A's computers. Is this correct?
 
Last edited:
If you are talking about using "NAT" and not routers then yes that is correct but with dual and triple NAT you have a nightmare in the making. Basically you will have connectivity issues and will break quite a few protocols.

The correct solution will likely be a rules based firewall. You may be able to cheat and use the "guest" feature on some of the cheaper routers.
 
If the Wireless is on the Source Router and the rest of the network is behind one additional Router. The Wireless can not access the Network and opening might be feasible. ( http://www.ezlan.net/shield.html )

Otherwise get get a Wireless Router that has a configuration for Wireless Guest account, or Wireless isolation.


😎
 
Some of the newer Draytek Vigors will allow you to have multiple subnets on the LAN ports. The LAN ports can be separated using the VLAN config on the router so the network connected to port 1 has no connection to ports 2 & 3, but can connect to the network on Port 4. So you could have 3 separate subnets on ports 1, 2 , and 3, and they would all be isolated from each other, but could all access the subnet on port 4.

I know this works on the 2850, and think it probably works on the 2830 as well. Its not on the 2820.

These units are more expensive than the home based routers, but are aimed at business users.

Rob.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top