
2 subnets (sittin in a tree)

Category: Networking
Anonymous
June 25, 2011 10:02:13 AM

Hello,

Just need a lil help with subnets.

I have a small business with about 15 PCs.

I've set up the entire network with a subnet of 192.168.2.X.

The switch I'm using is a Linksys SRW2048. My server has Windows 2008 R2 64-bit installed. So basically, it's set up like this:

Server ---> Switch <--- PCs

The IPs for the Server (with 2 LAN cards) are 192.168.2.1 & 192.168.2.2 (The server is essentially a file server, DNS and DHCP. And the PCs are using Windows 7 32-bit)

Everything works perfectly well on the 192.168.2.X

(Now here's the tricky part.)

The boss wants Internet but he doesn't want anyone else to have access to it, save for 1-2 other employees.

The internet router is a NETGEAR DGN2000. The subnet I gave that is 192.168.1.X.

But what if my boss (or the other 1-2 employees) want a file from the file server?

So, I thought I'd give him 2 LAN cards and connect him to the internet subnet and the server subnet. But, that's not working. The Server takes precedence and the internet doesn't work.

Essentially, I can only access one of the 2 at a time by disabling one or the other. How can I use both at the same time? How can I get the two subnets to get along? Do I even need 2 subnets?

Thanks in advance.


June 27, 2011 3:20:06 AM

Haven't looked at the switch, but you might try setting up access lists that allow the internet comps access, but not the non-internet comps.
VLANs are another option if your switch supports it.

If the router supports it, you might be able to block MAC addresses from getting through. You would then set the router to the 192.168.2.x network.

June 28, 2011 2:27:34 PM

You could also set the NICs in the server to have multiple IP addresses and give each an address in both subnets.

Or add a third NIC to your server.

But blocking access by IP address or MAC through your router would be the easiest.
June 29, 2011 7:30:17 AM

Thanks for the replies guys. Here's what I have in mind:

I'm a newbie to all of this, so please bear with me.

1) Disconnect the router and set its IP to 192.168.2.50
2) Connect the router to the switch. (This should give everyone on the switch access to the Internet)
3) Set up ACL to allow certain IP addresses (the PCs allowed to use the Internet) access to 192.168.2.50

I'm completely new to ACLs but my guess is that should work.

Question: Can someone help me set up the ACL? The Linksys switch that I have does have that feature but I'm not sure how to set it up.

Here's what it asks for:

ACL Name Internet Access

Action Permit/Deny/Shutdown

Protocol Any
Source Port Any
Destination Port Any

Source IP Address
Wild Card Mask

Destination IP Address
Wild Card Mask

Match DSCP

Match IP Precedence

I've tried using the ACL to test blocking a certain IP address (192.168.2.15) to access 192.168.2.1 & 192.168.2.2 (the server). The wild card I used was 0.0.0.0. I don't know what IP Precedence does.

But it doesn't seem to work. I can still access the server from that PC.

(Help?)

Did I miss something?

June 29, 2011 11:00:55 AM

You can still access the server because you don't have to go through the router to access it.

June 29, 2011 2:05:31 PM

You want to put in your permits first then deny everything else access to the router.

So first permit the internet computers access to the internet. Protocol will be HTTP, ports are both 80, source IP: computer IP, destination 192.168.2.50.
Then you can deny everything else access to 192.168.2.50.

Don't worry about the DSCP unless you run QoS.
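The permit-first, deny-the-rest ordering this reply describes, as an added example that is not from the thread: a small Python model of a first-match ACL using the switch form's wildcard-mask fields. The Internet-allowed PCs 192.168.2.10 and 192.168.2.11 are constructed addresses, the implicit deny at the end of the list is an assumption, and the final LAN-wide permit (which the reply does not mention) shows why that implicit deny matters for file-server access.

```python
import ipaddress

# Added example (not from the thread): an ordered "permit first, then deny" ACL
# evaluator built from the switch form's fields. All PC addresses except the
# router at 192.168.2.50 are constructed for illustration.

def wildcard_match(addr, pattern, wildcard):
    """Cisco-style wildcard: a 0 bit must match, a 1 bit is 'don't care'.
    0.0.0.0 is therefore an exact host match; 255.255.255.255 matches any host."""
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (p & care)

def rule(action, src, src_wc, dst, dst_wc, protocol="any", dst_port="any"):
    return dict(action=action, src=src, src_wc=src_wc, dst=dst, dst_wc=dst_wc,
                protocol=protocol, dst_port=dst_port)

# Rules are evaluated top to bottom; the first match decides the packet's fate.
INTERNET_ACL = [
    # 1-2: the boss's and one colleague's PCs (constructed) may reach the router on HTTP.
    rule("permit", "192.168.2.10", "0.0.0.0", "192.168.2.50", "0.0.0.0", "tcp", 80),
    rule("permit", "192.168.2.11", "0.0.0.0", "192.168.2.50", "0.0.0.0", "tcp", 80),
    # 3: everyone else is denied to the router.
    rule("deny", "0.0.0.0", "255.255.255.255", "192.168.2.50", "0.0.0.0"),
    # 4: ordinary LAN traffic (file server, DNS, DHCP) stays allowed; without this
    #    line the assumed implicit deny would cut every PC off from the server too.
    rule("permit", "0.0.0.0", "255.255.255.255", "192.168.2.0", "0.0.0.255"),
]

def evaluate_acl(acl, src, dst, protocol="tcp", dst_port=80):
    """Return 'permit' or 'deny' for one packet; unmatched traffic is denied (assumed default)."""
    for r in acl:
        if r["protocol"] not in ("any", protocol):
            continue
        if r["dst_port"] not in ("any", dst_port):
            continue
        if not (wildcard_match(src, r["src"], r["src_wc"])
                and wildcard_match(dst, r["dst"], r["dst_wc"])):
            continue
        return r["action"]
    return "deny"

# Same rules with the blanket deny moved to the top: the boss loses Internet too.
DENY_FIRST_ACL = [INTERNET_ACL[2], INTERNET_ACL[0], INTERNET_ACL[1], INTERNET_ACL[3]]
```

Note that only TCP/80 is permitted, as the reply says; DNS or HTTPS to the router would need their own permit lines above the deny.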


June 29, 2011 10:06:18 PM

If you can tell me the model of router you have I can tell you the commands to set up an access list. I only know how to configure a CISCO router off the top of my head.

July 2, 2011 9:34:56 AM

@ a-nano-moose

The router is NETGEAR DGN2000

As a test, I tried to DENY a PC from communicating with the server. Here's what I input into the Switch (Linksys SRW2048):

ACL Name: Test
Action: Deny
Protocol: Any
Source Port: Any
Destination Port: Any
Source IP: 192.168.2.15
Wild card mask: 0.0.0.0
Destination Port: 192.168.2.1
Wild card mask: 0.0.0.0
Match IP Precedence: BLANK

Then I made another DENY for 192.168.2.2 since the server has 2 LAN cards. (192.168.2.1 & 192.168.2.2)

But the PC can still communicate with the Server. Why?!

Again, I have:

Server: 192.168.2.1 & 192.168.2.2
Linksys Switch: 192.168.2.3

Router (Internet): 192.168.1.1 (NOT CONNECTED TO SWITCH ATM)

July 2, 2011 9:36:27 AM

Also, there's a 3rd LAN Card on the server which is connected to the NETGEAR DGN2000. (This allows the Server to have internet access for updates, etc)