2nd January 2010, 02:35 AM #1
Multiple networks, one internet connection
This might sound a stupid question but I'm looking for a solution to this problem and I'm hoping you guys will be able to give me an insight into possible options.
I need to run several separate networks (to protect data from being accessed), these networks are all in the same building and so they need to have the same internet connection (currently being provided by a wireless router).
I've thought of a few workarounds but I'm sure there are better ways of achieving a proper solution.
Thanks in advance
2nd January 2010, 03:04 AM #2
Could probably use Smoothwall and 3 orange interfaces?
2nd January 2010, 10:26 AM #3
It should be simple enough to run two domains on the same subnet, so both networks look at the same place to access the internet, but unless you create a trust, workstations from network A won't be accessible on network B and vice versa.
2nd January 2010, 11:31 PM #4
Sharing a single internet connection between separate disparate networks initially seems like an easy task, but unless you have some experience in subnetting, VLANs and routers you can quickly find this quite a challenge.
There are a few low cost devices such as the Draytek Routers that have VLAN capabilities on the LAN interfaces which can make this an easy enough task for the smaller networks.
Whilst VLANs are ok for this job up to a point, even these now fail to meet the requirements of some PCI compliancy experts, so if you anticipate sending credit card transactions over these networks forget the VLAN options.
Ideally each network would be connected to a DMZ via a dedicated interface.
This soon becomes cumbersome and the benefits of a dedicated firewall appliance such as Sonicwall, Smoothwall, Juniper, Cisco etc. soon become a much more sensible solution.
Or alternatively via L3 routing in a high performance switch (the LGfL uses Extreme switches as the managed edge devices).
Here's a DMZ example to get you started, change IPs to suit,
Internet Gateway LAN IP = 192.168.0.1
Assign WAN addresses to LAN segments,
Network 1 = 192.168.0.10
Network 2 = 192.168.0.20
Network 3 = 192.168.0.30
Network 4 = 192.168.0.40
Now add a simple ethernet cable router to each of your separate network segments,
Network 1 Lan if = 10.0.10.254 WAN Port 192.168.0.10
Network 2 Lan if = 10.0.20.254 WAN Port 192.168.0.20
Network 3 Lan if = 10.0.30.254 WAN Port 192.168.0.30
Network 4 Lan if = 10.0.40.254 WAN Port 192.168.0.40
As you can see, your comms cabinet will soon fill up with an unmanageable mess of wires, routers and power adapters so even more reason to look at implementing a proper solution.
With the provision of independent broadband circuits being so cheap nowadays you need to ask why do these "companies" need to be sharing a broadband connection anyway?
On one site alone I have a 10mb T1, 3 x SDSL, 4 x ADSL, 2x ISDN and a dial up modem taking care of data and another bucket load of ISDN for the phone system!
150 users' internet access, 2 remote sites, Exchange Servers, BES, a retail shop with EPOS, CCTV, VoIP, Public/Private WiFi, IPTV, Access Control, Video Streaming, SIP trunks and RDP to a server farm in the Netherlands with a backup in Docklands.
Sorry, a single internet connection just doesn't do it for me anymore...
We use an array of Sonicwall NSA Appliances to join them all together and provide failover and an SSL-VPN appliance for remote access.
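The DMZ addressing plan from post #4, checked and modelled as an added example (not part of the original thread or any poster's own code). The /24 masks, the function names and the simplified reachability model are assumptions; the post gives addresses only.

```python
import ipaddress

# Addressing plan from post #4. The /24 masks are an assumption:
# the post lists addresses without prefix lengths.
TRANSIT = ipaddress.ip_network("192.168.0.0/24")
GATEWAY = ipaddress.ip_address("192.168.0.1")
SEGMENTS = {  # name: (router LAN interface, router WAN address)
    "Network 1": ("10.0.10.254/24", "192.168.0.10"),
    "Network 2": ("10.0.20.254/24", "192.168.0.20"),
    "Network 3": ("10.0.30.254/24", "192.168.0.30"),
    "Network 4": ("10.0.40.254/24", "192.168.0.40"),
}

def check_plan(transit, gateway, segments):
    """Return a list of addressing mistakes in the plan (empty if none)."""
    problems, used = [], {gateway: "gateway"}
    if gateway not in transit:
        problems.append(f"gateway {gateway} is outside {transit}")
    for name, (lan_if, wan) in segments.items():
        wan_ip = ipaddress.ip_address(wan)
        lan = ipaddress.ip_interface(lan_if).network
        if wan_ip not in transit:
            problems.append(f"{name}: WAN {wan_ip} is outside {transit}")
        if wan_ip in used:
            problems.append(f"{name}: WAN {wan_ip} clashes with {used[wan_ip]}")
        used[wan_ip] = name
        if lan.overlaps(transit):
            problems.append(f"{name}: LAN {lan} overlaps transit {transit}")
    return problems

def classify(src, dst, transit, segments):
    """Simplified model of where a packet from a host in `src` to `dst` ends up."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in ipaddress.ip_interface(segments[src][0]).network:
        return "own LAN"
    for name, (lan_if, wan) in segments.items():
        if name == src:
            continue
        if dst_ip == ipaddress.ip_address(wan):
            # Reachable after NAT: isolation rests on that router's WAN-side firewall.
            return f"WAN port of {name} (filtered only by that router)"
        if dst_ip in ipaddress.ip_interface(lan_if).network:
            # Leaves via the gateway, which has no route to a LAN hidden behind NAT.
            return f"not routed to {name} LAN"
    return "transit host" if dst_ip in transit else "internet via gateway"

if __name__ == "__main__":
    print(check_plan(TRANSIT, GATEWAY, SEGMENTS) or "plan OK")
    for dst in ("10.0.20.5", "192.168.0.20", "192.168.0.1", "8.8.8.8"):
        print("Network 1 ->", dst, ":", classify("Network 1", dst, TRANSIT, SEGMENTS))
```

The model shows that segments cannot address each other's LANs, but every segment can still reach the other routers' WAN ports on the shared 192.168.0.x network, so remote management and port forwards on those WAN interfaces should stay disabled.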
3rd January 2010, 12:24 AM #5
All networks on the same subnet, but running different IP ranges, works well; it's what I run here and it works fine.
3rd January 2010, 01:08 AM #6
You could always have an extra router for each network. You'd end up with n+1 routers if n is the number of networks.
Have your internet go to one network (10.1.2.3), then have a router between that and the internal networks, one router for each, the WAN port on each connected to the 10.1.2.3 network. Each network will be able to access up the tree (so the internet) but not the other networks behind their individual routers without some exceptions being manually added. If it's only light internet traffic going across the networks then some basic Netgear 'cable' routers would do the trick. NETGEAR|WGR614 UK|54MBPS WIRELESS BROADBAND ROUTER | CPC.
3rd January 2010, 10:28 AM #7
Thanks guys for your replies! Really useful.
I've been looking at the Draytek range and I think I might have found a solution that's suitable.
3rd January 2010, 01:12 PM #8
We have a Draytek router that is surplus. I can't remember the model but if you are interested, I can take a look tomorrow.
12th January 2010, 09:53 AM #9
The way ours was set up before I started (and still is) goes something like this...
- Janet connection incoming with their usual Cisco router
- Output Ethernet from the router goes to a switch
- Switch has 2 connections coming off it
- Each connection goes to the RED interface of an IPCop firewall box (similar to Smoothwall)
- One IPCop per network (admin and teaching)
On another install I'm doing soon at an outcentre there's only 1 PC on the admin so probably trying IPCop with RED + BLUE + GREEN interfaces. Admin PC on the GREEN won't be accessible from teaching PCs on the BLUE... should do the trick.