Solved Multiple Private Networks, One Modem

March 23, 2015 at 06:44:25
Specs: Windows 7 (x64)
Hi all,
I have been doing some googling in creating multiple networks from one modem and I think I have cracked it. One site was particularly helpful and regarded this question as 'Cascading Routers'

I have attached a link below to a picture of what I believe should work. Can someone take a look at it and confirm if this will work!


http://s30.postimg.org/91u9zfkv5/On...

Much appreciated!

message edited by barbs706


See More: Multiple Private Networks, One Modem

Report •


#1
March 23, 2015 at 09:39:08
Your diagram looks good and that setup should work nicely.

I think though, if it were me, I'd use class A in the office (ie: 10.0.0.0/24) and the class C (192.168.0.0/24) in all other areas. Then you have a little more separation and less chance of anybody sneaking into the office network from the public ones. Also, it makes it easier to keep the two different areas (public vs private) straight in your head when thinking about the IP addressing.

Also, if you have layer 2 equipment, I would definitely make use of VLAN's to also segregate each network.

The only negative comment I have is your diagram, you've labeled your Bar and Pro Shop area's with "WAN IP" The separate pieces of your network are all part of the same physical location. A "WAN" encompasses two or more physical locations. This is just one. But that's just nomenclature and has nothing to do with functionality.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***

message edited by Curt R


Report •

#2
March 23, 2015 at 11:39:04
Thanks for the reply!

Yes sorry about the WAN peices. I meant WAN Port IP.
On one site it said to set the WAN port IP as I described in the image, but one site said nothing about setting a WAN port IP on the two extra routers? If the WAN port was set to DHCP, would it automatically grab an IP from the previous router or is it best to provide a static one, and start the DHCP pool on say .100?

I did wonder how easy it would be for someone in the Pro Shop to access the office network; if possible at all?
If it is possible, what would be the best way to prevent it?
I believe the office network currently runs a domain so should be pretty locked up?

Thanks!


Report •

#3
March 23, 2015 at 11:47:15
✔ Best Answer
What is the purpose of these multiple networks? I would have to think security.

Technically with the right route add commands you could gain access to any of these private lans via the private lans. Subnetting does not provide security.

You would be much better off putting a switch in between the modem and routers. The three routers would connect to the switch not each other in series.You would get at least three public ips from your isp. Usually we get 5 with a business account. You would place these one of these public ips on each of the routers wan interface.

Now you have three private networks. Or as CurtR suggests one router with a vlan capable switch will also allow you have three separate networks.

This does assume you don't want sharing between these folks

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

Related Solutions

#4
March 23, 2015 at 12:02:51
Hi Wanderer,
This is for my boss's local golf club. They currently have the main office setup using the standard BT router connected to the VDSL modem. They want to extend the internet into a new building that would be acting like a small shop. The shop is roughly 80 metres from the main office. The supposed cable would go through the bar area and they were interested in adding Wi-Fi for guests etc.
As the shop will be run from a member that doesn't 'need' access to the main office network, I think it would be best to try and find a solution where each network is private. Not to mention the Bar Wi-Fi area; I wouldn’t of thought that they would want random people snooping into the network!
So yes anyway, the idea was to cascade the routers so they only have to run one length of cable.

I do like the idea of a switch in-between the modem and office router though. No chance of people snooping!
I'm sure the members wouldn't know how or feel the need to snoop into the office or pro shop network but you may get one angry tech savvy member who goes to town on the network!

Thanks!


Report •

#5
March 23, 2015 at 13:27:53
I probably should have stressed security a lot more than I did. Let it suffice to say I concur with wanderer and recommend you either get a layer 2 (VLAN capable) switch to put between your router and your subnets or better yet, his idea of a router/modem per network.

Also, you might give thought to using two wireless point-to-point antennas to feed your pro shop. You said it's about 80 m away and the max segment length for Cat5e/6 is 100 m But I've found you can start having attenuation issues at about 85 m. If the buildings are 80 m apart exactly, you still need cable inside each structure and that would bring you right up to, or past the 85% barrier I prefer to never cross with cables.

In the past I've used some EnGenius equipment:
http://www.engeniustech.com/
and been quite pleased with it's performance.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

#6
March 23, 2015 at 14:53:12
80m was an absolute maximum so hopefully they should be ok with cable length.

I have drawn a new diagram with the switch between the routers and the modem:
http://s4.postimg.org/t3auhd9y5/Unt...

Have I got the right idea?

If you have the time, would someone kindly sketch up a diagram involving VLAN's?
This is something I have never played with! (i used draw.io on these)

Thanks!


Report •

#7
March 24, 2015 at 14:27:58
Also consider the router you want as a shared bar and guest that you get one that supports a separate guest network ssid and isolation. This way you can have a unsecured network guests can easily access while the bar orders/receipts wifi is secure.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •


Ask Question