2 subnets (sittin in a tree)

Hello,

Just need a lil help with subnets.

I have a small business with about 15 PCs.

I've set up the entire network with a subnet of 192.168.2.X.

The switch I'm using is a Linksys SRW2048. My server has Windows 2008 R2 64-bit installed. So basically, it's set up like this:

Server ---> Switch <--- PCs

The IPs for the Server (with 2 LAN cards) are 192.168.2.1 & 192.168.2.2 (The server is essentially a file server, DNS and DHCP. And the PCs are using Windows 7 32-bit)

Everything works perfectly well on the 192.168.2.X

(Now here's the tricky part.)

The boss wants Internet but he doesn't want anyone else to have access to it, save for 1-2 other employees.

The internet router is a NETGEAR DGN2000. The subnet I gave that is 192.168.1.X.

But what if my boss (or the other 1-2 employees) want a file from the file server?

So, I thought I'd give him 2 LAN cards and connect him to the internet subnet and the server subnet. But that's not working. The Server takes precedence and the internet doesn't work.

Essentially, I can only access one of the 2 at a time by disabling one or the other. How can I use both at the same time? How can I get the two subnets to get along? Do I even need 2 subnets?

Thanks in advance.
  1. Haven't looked at the switch, but you might try setting up access lists that allow the internet comps access, but not the non-internet comps.
    VLANs are another option if your switch supports them.

    If the router supports it, you might be able to block MAC addresses from getting through. You would then set the router to the 192.168.2.x network.
  2. You could also set the NIC cards in the server to have multiple IP addresses and give each an address in both subnets.

    Or add a third NIC to your server.

    But blocking access by IP address or MAC through your router would be the easiest.
  3. Thanks for the replies guys. Here's what I have in mind:

    I'm a newbie to all of this, so please bear with me.

    1) Disconnect the router and set its IP to 192.168.2.50
    2) Connect the router to the switch. (This should give everyone on the switch, access to the Internet)
    3) Set up ACL to allow certain IP addresses (the PCs allowed to use the Internet) access to 192.168.2.50

    I'm completely new to ACLs but my guess is that should work.

    Question: Can someone help me set up the ACL? The Linksys switch that I have does have that feature but I'm not sure how to set it up.

    Here's what it asks for:

    ACL Name Internet Access

    Action Permit/Deny/Shutdown

    Protocol Any
    Source Port Any
    Destination Port Any

    Source IP Address
    Wild Card Mask

    Destination IP Address
    Wild Card Mask

    Match DSCP

    Match IP Precedence

    I've tried using the ACL to test blocking a certain IP address (192.168.2.15) to access 192.168.2.1 & 192.168.2.2 (the server). The wild card I used was 0.0.0.0. I don't know what IP Precedence does.

    But it doesn't seem to work. I can still access the server from that PC.

    (Help?)

    Did I miss something?
  4. You can still access the server because you don't have to go through the router to access it.
  5. You want to put in your permits first then deny everything else access to the router.

    So first permit the internet computers access to the internet. Protocol will be HTTP, ports are both 80, source IP - Computer IP, destination 192.168.2.50.
    Then you can deny everything else access to 192.168.2.50.

    Don't worry about the DSCP unless you run QoS.
  6. If you can tell me the model of router you have I can tell you the commands to set up an access list. I only know how to configure a CISCO router off the top of my head.
  7. @ a-nano-moose

    The router is NETGEAR DGN2000

    As a test, I tried to DENY a PC from communicating with the server. Here's what I input into the Switch (Linksys SRW2048):

    ACL Name: Test
    Action: Deny
    Protocol: Any
    Source Port: Any
    Destination Port: Any
    Source IP: 192.168.2.15
    Wild card mask: 0.0.0.0
    Destination Port: 192.168.2.1
    Wild card mask: 0.0.0.0
    Match IP Precedence: BLANK

    Then I made another DENY for 192.168.2.2 since the server has 2 LAN cards. (192.168.2.1 & 192.168.2.2)

    But the PC can still communicate with the Server. Why?!

    Again, I have:

    Server: 192.168.2.1 & 192.168.2.2
    Linksys Switch: 192.168.2.3

    Router (Internet): 192.168.1.1 (NOT CONNECTED TO SWITCH ATM)
  8. Also, there's a 3rd LAN Card on the server which is connected to the NETGEAR DGN2000. (This allows the Server to have internet access for updates, etc)
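
An added illustration of the permit-first ordering suggested in answer 5 and of the wildcard-mask fields in the ACL form (not part of the original thread, and not the SRW2048's own logic): a small Python model of first-match ACL evaluation. The allowed PC addresses 192.168.2.10 and 192.168.2.11 and the default of permitting unmatched traffic are assumptions; check the switch documentation for its actual default.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0.

    A wildcard of 0.0.0.0 means "exactly this host"; 0.0.0.255 means
    "any host in this /24" (the inverse of a subnet mask).
    """
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match
    return (a & care) == (b & care)

def evaluate(acl, src, dst, default="permit"):
    """Return the action of the FIRST rule matching (src, dst).

    default is what happens to traffic no rule matches (assumed here).
    """
    for action, s_ip, s_wc, d_ip, d_wc in acl:
        if wildcard_match(src, s_ip, s_wc) and wildcard_match(dst, d_ip, d_wc):
            return action
    return default

ROUTER = "192.168.2.50"             # router address proposed in the thread

# Constructed rule set: .10 and .11 stand in for the PCs allowed online.
PERMITS_FIRST = [
    ("permit", "192.168.2.10", "0.0.0.0",   ROUTER, "0.0.0.0"),
    ("permit", "192.168.2.11", "0.0.0.0",   ROUTER, "0.0.0.0"),
    ("deny",   "192.168.2.0",  "0.0.0.255", ROUTER, "0.0.0.0"),
]
# Same rules with the broad deny moved to the top.
DENY_FIRST = [PERMITS_FIRST[2]] + PERMITS_FIRST[:2]

def report(acl):
    """Actions for: allowed PC -> router, other PC -> router, other PC -> server."""
    flows = [
        ("192.168.2.10", ROUTER),
        ("192.168.2.15", ROUTER),
        ("192.168.2.15", "192.168.2.1"),
    ]
    return [evaluate(acl, src, dst) for src, dst in flows]

if __name__ == "__main__":
    print("permits first:", report(PERMITS_FIRST))
    print("deny first:   ", report(DENY_FIRST))
```

With the deny rule first, the allowed PC is blocked as well, because the broad rule matches before its permit is ever reached.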