Setup Multiple Public IP's

August 28, 2012 at 15:43:44
Specs: Windows 7 Ultimate, Core 2 duo E4800 / 4 GB
Hi All,

At my company, we lease 3 static public IP addresses from 1 ISP. We want to have 3 separate networks that each use one of the IP addresses. Network 1 is the computer network, network 2 is the VOIP network, and network 3 is the security camera network. I am trying to determine the best way to do this. I have come up with 2 solutions in my head, but I'm not sure if they will work or not. I would like to get some input.

Solution 1:

Solution 1 looks something like this. Fiber box -> Router-> 3 switches. There would be one WAN input on the router, that would have a static route to 3 different LAN ports. For example, address would be assigned to LAN port 1, would be assigned to LAN port 2, and would be assigned to LAN port 3 (by assigned, I mean have a static route to it). Is there some type of router that is capable of doing this? If so, could you please give some suggestions.

Solution 2:

Solution 2 looks something like this. Fiber box -> Switch -> 3 Routers. The ethernet cable would run from the Fiber Box to a switch, and then 3 routers would be plugged into the switch. Each router would have the Static information configured in them.

Would both of these methods work? If so, which would be the best way to go? Also, do you guys suggest any different methods that might be better?

August 29, 2012 at 07:20:29
My first question is, what type of router are we talking about here? If you're talking about a SOHO router with 4 LAN ports, it's not capable of doing what you want. You would require at the very least, a mid grade, to enterprise grade router with multiple ethernet interfaces.

I am trying to determine the best way to do this

Use VLAN tagging and give each network it's own VLAN.

If you already have layer 2 and/or 3 switches, this would be much simpler than what you're proposing.

My setup would be as follows:

Internet >> Firewall >> Router >> L2/L3 Switch (multiple VLAN's) >> Clients

NOTE: Firewall and router could be the same device

It's worth noting that most L3 switches are also capable of routing. I would still have some kind of firewall device between my network and the internet.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***

August 29, 2012 at 07:54:41
Unfortunately vlans don't address your public ip issue.

If you want three separate networks based on three public ip addresses you need a small switch and three routers.

It would look like so:

internet<>switch<>three routers<>three different lans.

This configuration does optimize the lan traffic whereas vlans require processing on for all three on the same switch.

Given Curt's solution you would only need one public ip address which is the usual way of accomplishing this.

