Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2 Routers, 1 LAN

Status
Not open for further replies.
rickcolton

rickcolton

IS-IT--Management
Dec 14, 2009
6
0
0
GB
Hello, in need of some help if possible. I currently have two routers on one network operating as follows:

Router 1: Staff Use
172.16.0.1
DHCP from 172.16.1.33
Subnet: 255.255.0.0

Router 2: Training Use
172.16.0.2
Static only from 172.16.2.3
Subnet:255.255.0.0

Both routers and equipment are all on the same LAN but I would like to have the Training Network accessible from the Staff network but not the staff network from the training network.

If anyone can help me with this i would be most greatful, can this be done using Subnetting?

Thanks
 
Sort by date Sort by votes
A router is used to bridge network domains. A device on a network will use the destination IP, its own IP, and the subnet mask to determine if the destination is on the same network segment or not. If the destination is on the same segment, the packet is sent to the destination, otherwise it is sent to the best matching router or default gateway.

Consequently, all devices on your 172.16.x.x/16 network will consider themselves on the same segment and won't go through the routers.

Off hand it sounds like what you need is a switch with ACL (access control list) functionality. Your router's switch portion may have this capability (you will need to investigate). This would allow you to create a set of ports that is only accessible via a subset of the range. In other words, it is still one network segment (not subnetted), but traffic will only flow from one switch bank to the other if it is coming from approved side of the fence.


 
Upvote 0 Downvote
Thanks for the reply, networking really isn't my strong point!!

If the Staff and Training network were on a different class of network would that cause problems e.g.

Staff: 172.16.0.1
Training: 192.168.0.1

How would I get the staff network to talk to the Training network?

Cheers
 
Upvote 0 Downvote
I think this approach would work. Both of these ranges are private so as long as there is no defined routing path, attempts to access an off limits domain would go nowhere.

In order to get the staff side to be able to access the training side, I think you would need a router with two interfaces for the staff. One interface (say eth0) would connect to the 192.168.0.x network and the other (eth1) would go to your default (internet) connection like it does now. You would then tell the staff's router that traffic for the 192.168.0.x range routes via eth0 and make eth1 the default gateway.

This could even be achieved with a PC being used as a router instead of a dedicated device. There may be some other, i.e. better, ways to do this too but this isn't my strong point either. For example, a good router may have multiple ports on it and you can specify some of them being on one range and some on another, I am really not sure what the state of the hardware is today.




 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Wajdi Zghal
  • Locked
  • Question
Sipp between 2 VM
Replies
0
Views
109
Wajdi Zghal
Wajdi Zghal
etrusks
  • Locked
  • Question
Communicating between 2 users whos ip addresses might change 1
Replies
6
Views
66
etrusks
etrusks
iDio
  • Locked
  • Question
Pinging 2 devices connected to switch
Replies
10
Views
112
iDio
iDio
mrbean2766
  • Locked
  • Question
Port Mirroring - Only LAN traffic mirrored!
Replies
3
Views
55
cmeagan656
cmeagan656
SwitchWitch
  • Locked
  • Question
STAR 2 STAR
Replies
2
Views
45
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top