Re: Best solution to segment subnets



Vince wrote:
Hi Kurt,

Thanks again...

Switches are uplinked to each other. Will this scenario isolate the subnets? I have no clear idea of this scenario; maybe the NAT routers are confusing me. I didn't know about such cheap SOHO routers. They are just NAT routers? No ADSL?

Subnet 1 and subnet 2 are two rooms (telematic networks so kids can practise) on the second floor; I need to isolate them from subnet 3 and from each other. The three subnets need internet.

Regards Kurt, and sorry, I'm a bit confused.


It won't isolate the subnets if the switches are uplinked to each other. If all of the subnets are on just one switch, just pull the plug on the uplinks (I guarantee that will isolate them! :). If your workstations on different subnets are spread out all over the building or campus, VLANs are your only option. SOHO (_S_mall _O_ffice _H_ome _O_ffice) is just another name for a "broadband" router. They perform "Network Address Translation" (NAT), just like your ISP's router does (its LAN port will have a private 192.168.x.x address, and its WAN port will have a publicly routable IP address that all of the private IP addresses share). These additional routers will do the same thing, so that traffic from local private subnets other than 192.168.0.x will be translated to a 192.168.0 address - which is what your ISP's router is expecting. If managed switches are not in your budget, maybe you could buy enough cheap unmanaged switches to physically isolate them.

Also, having the routers' WAN ports connected together will not bridge the private networks.

                  R1---Switch 1---All subnet 1 computers 192.168.1
    192.168.0    /
    ADSL Router ---R2---Switch 2---All subnet 2 computers 192.168.2
                 \
                  R3---Switch 3---All subnet 3 computers 192.168.3

This will give you 100% isolation between subnets, and all subnets will have Internet access. The only thing you'll have to configure is the LAN IP address on the 3 routers (and maybe the DHCP scope). Note that for total isolation, you will require all 3 extra routers.

I use an SMC Barricade 7004VBR router. There are many other good choices. I think I paid about $45 US.
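
An added example, not part of the original post: a Python check of the addressing plan for the three extra routers, confirming that each LAN subnet is distinct from the others and from the 192.168.0.x network on the WAN side, and that each DHCP scope fits its subnet. The /24 masks, the router LAN addresses and the DHCP ranges are assumptions constructed for illustration.

```python
import ipaddress

# Network between the ADSL router and the WAN ports of R1-R3 (from the post).
# The /24 mask is an assumption; the post only gives the 192.168.x prefixes.
UPSTREAM = ipaddress.ip_network("192.168.0.0/24")

# Constructed plan: LAN address and DHCP scope for each extra router.
PLAN = {
    "R1": {"lan_ip": "192.168.1.1/24", "dhcp": ("192.168.1.100", "192.168.1.199")},
    "R2": {"lan_ip": "192.168.2.1/24", "dhcp": ("192.168.2.100", "192.168.2.199")},
    "R3": {"lan_ip": "192.168.3.1/24", "dhcp": ("192.168.3.100", "192.168.3.199")},
}

def check_plan(plan, upstream=UPSTREAM):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    seen = []  # (router name, LAN network) pairs already checked
    for name, cfg in plan.items():
        iface = ipaddress.ip_interface(cfg["lan_ip"])
        net = iface.network
        if not net.is_private:
            problems.append(f"{name}: LAN {net} is not private address space")
        # A LAN that overlaps the WAN side leaves the router unable to tell
        # its own hosts from the ADSL router's network.
        if net.overlaps(upstream):
            problems.append(f"{name}: LAN {net} overlaps upstream {upstream}")
        # Two routers handing out the same range hides a cabling mistake
        # (for example a forgotten switch uplink) instead of exposing it.
        for other, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{name}: LAN {net} overlaps {other} LAN {other_net}")
        seen.append((name, net))
        lo, hi = (ipaddress.ip_address(a) for a in cfg["dhcp"])
        if lo > hi or lo not in net or hi not in net:
            problems.append(f"{name}: DHCP scope {lo}-{hi} is not inside {net}")
        elif lo <= iface.ip <= hi:
            problems.append(f"{name}: DHCP scope {lo}-{hi} includes the router LAN IP {iface.ip}")
        elif lo == net.network_address or hi == net.broadcast_address:
            problems.append(f"{name}: DHCP scope {lo}-{hi} includes the network or broadcast address")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```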