Sign in with
Sign up | Sign in
Your question

Can a second router separate two LAN networks but allow for incoming traffic?

Tags:
  • Routers
  • LAN
  • Cameras
  • Networking
  • WAN
Last response: in Networking
Share
December 4, 2013 4:02:14 PM

I have a project that I will be deploying several IP cameras and security devices into an existing volunteer based museum. Problem is they dont have an IT person or switch/firewall capable of VLAN etc. My fear is that if I dont separate my devices from their network that they will eventually duplicate IP's or cause me grief along the way.

My concept is to connect my own router to their existing switch, assign my router a static IP on my WAN port within their network range (say 192.168.0.50). Then on my LAN side of my router connect to my camera network of 192.168.10.X (.10 in case they may ever get a VLAN capable switch). Also to port forward my router on incoming 192.168.0.50 to forward to my IP camera web server on my routers LAN at 192.168.10.20. This way they can view the camera from my .10.x web server from their .0.x workstations on their own network.

My questions is, Is this a good way of doing this? I have port forwarded routers for public IP's to see in LAN's and I assume the same principle applies in this LAN to LAN scenario. Is this correct?

More about : router separate lan networks incoming traffic

a b X LAN
December 4, 2013 5:34:15 PM

You will have the standard port forwarding issue of only being able to map a single device to a port on the outside router. If you would for example need to get to port 80 on each camera from the outside it won't work simple. You would have to do strange stuff like map port 81 to camera 1 80 and 82 to camera 2 80.

Now if you intend to hook the cameras and the end pc and everything to the same switch then you could still have a issue. Although they are on different subnets all the devices can actually see each others broadcast traffic...this is the key difference with a vlan. In most cases it won't matter but you still have things like DHCP and ARP that can cause you trouble. Of course there is no security since a user could just his ip to the other network.
m
0
l
!