
Trying to experiment w/2 networks w/in the same house

beermaker

Junior Member
If I'm 'over-engineering' this please don't hesitate to offer a different solution. I'm learning and need the critique.

I have 2 switches and a router connected to my broadband connection. I'll call them network A and B.
Network A switch is using DHCP, faces the internet, and there's a single box on it. It's using the default 1st octet (192)
Network B switch has a static IP using 200 as the 1st octet. It's attached to a Winserv03 being utilized as a DC|DHCP|VPN server.
Why? I want to isolate the server so I can experiment with the VPN from the one box on network A and eventually go one step further and access the VPN from the internet. For now I just would like Network A to see Network B.

Any and all help is appreciated - thanks.
 
Well I thought since 200 and 192 are different that would be the isolation. My understanding (once again I'm fairly new to this) is that for example hulu dot com sits at 81.xxx.xxx.xxx and Google is 209.xxx.xxx.xxx the fact that the 1st octet is different is what isolates them from each other. If I put network A on 192.168.2.1 and then b on 192.168.1.1 then there's no isolation. Granted it's not true isolation unless I have a router but I'm just trying a simulation.
 
Giving different IPs per se does not assign two Networks. In order to have separate networks you need an additional Router.

Example, http://www.ezlan.net/shield.html

Set your regular Network on the first Router, and the Server on the second Router.

Please Note, you can not use an external Internet IP type for local Network.

For Local Network (LAN).

Example, 192.168.1.1 is Network One, and 192.168.2.2 is Network Two.

The general rule is 192.168.X.x and 192.168.Y.x
 
Wow, beermaker, you have some significant misconceptions about how this works. I would suggest you read about subnetting (go google / wikipedia it).

A number of computers on the same layer 2 domain (all hosts connected to a network of interconnected switches, or just one switch) are not isolated. Technically they should be able to talk to each other. However, if you have given two such hosts significantly different IP addresses it is almost certain that the default subnet mask that is applied will make them think they are in different networks - they won't be able to talk. The reason for this is that each device will not look for devices outside of its network on its LAN (that is, its Layer 2 domain). Technically, it can, as there is no real isolation, it just doesn't try. Whenever a host tries to talk to another host outside its network (which is a mere administrative convention), it will forward that packet to a locally connected router, which is responsible for handling the packet from that point.

Technically, you can use an "external" IP on your local network. However, what this will do is make the "real" IP (or the real network) on the internet unreachable, as packets which you want to be directed externally will instead stay on your local network. Therefore, it is strongly recommended that you use addresses which are by convention set aside for private networks, e.g. 192.168.1.0.
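
The forwarding decision described in the reply above, as an added example that is not part of any poster's message: a host compares the destination against its own address and mask, sends directly if it matches, and otherwise hands the packet to its router. All addresses, masks and function names here are constructed for illustration; the thread only gives the first octets (192 and 200).

```python
import ipaddress

# RFC 1918 private ranges, the addresses set aside for local networks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample addressing for the two "networks" on one switch fabric.
HOST_A = "192.168.1.10/24"     # box on network A, DHCP from the router
GATEWAY_A = "192.168.1.1"      # the broadband router
SERVER_B = "200.1.1.10/24"     # server with a static 200.x address, no gateway


def delivery(src_iface, dst, gateway=None):
    """Decide how a host configured as src_iface (address/mask) sends to dst."""
    iface = ipaddress.ip_interface(src_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"       # same subnet: ARP for dst and send directly
    if gateway and ipaddress.ip_address(gateway) in iface.network:
        return "via-gateway"   # different subnet: hand the packet to the router
    return "no-route"          # different subnet and no usable router


def is_rfc1918(addr):
    """True if addr lies in one of the private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def shadows_internet(src_iface):
    """True if the LAN prefix is public space, so real hosts in it look local."""
    net = ipaddress.ip_interface(src_iface).network
    return not any(net.subnet_of(priv) for priv in RFC1918)


if __name__ == "__main__":
    server = SERVER_B.split("/")[0]
    print("A -> server:", delivery(HOST_A, server, GATEWAY_A))
    print("server -> A:", delivery(SERVER_B, "192.168.1.10"))
    print("server prefix shadows internet:", shadows_internet(SERVER_B))
    # Widening the mask is all it takes to put 192.168.1.x and 192.168.2.x
    # back in one subnet, which is why the mask is not a security boundary.
    print("A with /16 -> 192.168.2.2:", delivery("192.168.1.10/16", "192.168.2.2"))
```

The `via-gateway` result for host A means its traffic for the server goes to the broadband router and out toward the internet, even though the server sits on the same switches.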
 
Does anyone else understand what this guy is trying to do? Having two switches doesn't mean you have two different networks? A switch just passes traffic? It sounds to me like you don't really know what you're doing to start with so how can you experiment with that? And yes, you having 200 as the first octet of your IP is only possible if that's assigned to you by your ISP as that is not in the private network addresses. You can't just pick an IP address off the top of your head and put that in your network. You may want to do a bit more research on this before you start implementing things. Also, what is it that you're actually trying to accomplish??
 
Hey that's why I'm here - to learn.
@kevnich2 I used the 200 for the first octet since it's in the same class c network AND it's not what's being assigned by my ISP. I made a mistake in thinking it was a private address. AFAIK I could use 200 the same way APIPA is used in that it wouldn't matter as long as the first 3 octets matched on all the other systems. I knew they'd never reach the internet and that's what I was trying to do.

if you have given two such hosts significantly different ip addresses it is almost certain that the default subnet mask that is applied will make them think they are in different networks - they won't be able to talk.
Yeah I forgot about that and understand the reasoning.

My goal is to connect to the server via VPN and eventually create a VPN I can connect to through my gateway.
 
Before you start trying to do this VPN setup you're trying to do, do us all, including yourself, a big favor and READ up on how networking and subnetting works FIRST. Then do it. Do you run before you walk, no! Read on how this all works, understand how basic networking and subnetting works, then actually try setting something up. You're going about this the totally opposite way.
 