split network

April 6, 2009 at 17:18:04
Specs: Windows XP
I have a private network connected with a
computer repair bench. I would like to isolate
the bench from the network and still be able to
connect both to the internet through one web
connection.

Would adding a second router solve my
problem and if so what would the configuration
be.


See More: split network

Report •


#1
April 6, 2009 at 19:00:52
Adding a second router will complicate things if there is only one WAN connection. Why is the reason for the isolation?

Report •

#2
April 6, 2009 at 19:49:51
trying to separate my home network from the computer repair
shop, to try and keep any malware or other crap off my
network computers.

Report •

#3
April 6, 2009 at 20:14:49
Have there been a lot of problems with malware in the past? There are ways to secure the network as well as individual machines without dividing it into two subnets.

If you still think it's necessary, it can be done.


Report •

Related Solutions

#4
April 6, 2009 at 20:44:35
how can the network be split and have them both use the
same gateway.

Report •

#5
April 6, 2009 at 21:00:00
Routing tables.

Report •

#6
April 6, 2009 at 21:30:08
is static router tables as good as a firewall, what I am trying to
do is put a wall between the workbench and the rest of my
network.

Report •

#7
April 7, 2009 at 04:05:03
You can simply use a second router to split the networks.

Let's assume router one is connected to the internet and has internal ip address 192.168.0.1.

Connect private network to router one.
Connect computer repair bench to router two.

Connect WAN(DSL) port of router two to a LAN port of router one.

Configuration of router one:
Internal LAN IP address:
192.168.0.1
Subnet mask
255.255.255.0
DHCP server set to on
DHCP range:
192.168.0.3 to 192.168.0.255

Leave the WAN (DSL) interface of router one configured as it is because this router can already connect to the internet.

Configuration of router two:
Internal LAN IP address:
192.168.1.1
Subnet mask
255.255.255.0
DHCP server set to on
DHCP range:
192.168.1.2 to 192.168.1.255

WAN (DSL) interface of router two:
Configure WAN interface to connect to the internet by using static ip address.
The static ip address is.
192.168.0.2
Subnet mask
255.255.255.0
Gateway address
192.168.0.1 (router one)
DNS server address
192.168.0.1 (also router one)

Summary:
Now you have 2 networks, 192.168.0.0/255.255.255.0 and 192.168.1.0/255.255.255.0 physically separated by routers and logically separated by IP range and secured by firewall of router two on the WAN interface.

Computers connected to router one are working like before and accessing the internet in the same way like before.

Computers connected to router two asks router two for internet address. Router two has no idea and uses it's WAN (DSL) interface to ask router one for the internet address. Router one asks the ISP and hands back the result to the Computer on router two.

Please send a reply, if you solved the problem !!!


Report •

#8
April 7, 2009 at 06:13:34
The network & the PCs on it can be secured without doing all that.

Report •

#9
April 7, 2009 at 06:32:01
The easiest way to accomplish what you desire is to put in a managed vlan capable switch. No routing or subnets required.

Home is on vlan1
Bench is on vlan2
Port connecting to router has both vlans so both have internet access.

Each vlan is isolated from the other and has internet access. All are in the same router supplied subnet.


Report •

#10
April 7, 2009 at 06:38:59
paulsep: your solution:- that means that the SOHO routers have inbuilt automatic routing protocols, RIP2 etc.....?

Do you not have to specify the network and next hop and set up a static routing table?


Report •

#11
April 7, 2009 at 07:58:11
Only unless you want the pcs on router1 to access the router2 lan subnet. Which is the flaw in this design, a route between the two can be created. Can't happen with vlans.

Report •

#12
April 7, 2009 at 09:47:32
@andynet

The second routers WAN interface has configured a gateway which is used, if a requested host is not reachable. So the second router hands over the request to the first router and no additional static routing is needed.

As wanderer stated, it's only needed, if you want to be able to access the clients on the other network. Therefor, you also have to configure the firewall of router 2, to allow such traffic.
Btw, the goal is to separate the networks, right?

Please send a reply, if you solved the problem !!!


Report •


Ask Question