Two Networks via One Switch



Hey Guys,

So, I know all of you have spoken to me about using Level 3 Routers and stuff, but my company isn't willing to pay the money for it. Anyway, currently I need a solution to have two separate networks running through one switch.

We're running three networks, 20.x, 19.x and 21.x, all with different gateways. My boss was fairly sure if I connect up the new default gateway and DC into the existing 19 switch they should still be able to talk to each other. However, they cannot.

Any help guys?

Thanks

Chris


Someone correct me if I am wrong, but why are you using 20.x, 19.x and 21.x? I'm pretty sure those are not reserved IP space for private LANs.

We use public IPs in our LAN for systems, depends on if you have the money for it or not and the security risks... ours are all for servers though.

You would need a layer3 switch to route between them or you are changing your network configs. You don't want to pay the money for them, fine, but don't expect it to work unless you do or you seriously rethink your network scheme and readdress everything to be on the same network. You don't like either of those choices, well live with what you have, a network that doesn't work the way you (or your boss) want it to because you (or your company) are too cheap to put in the right equipment to handle the task that you are asking.

I will try to put it as basic as I can. You have designed a highway and have three large buildings to get to. Each location is surrounded by water, sharks, and water mines. The only way to get to each location is to build a bridge. The company that has hired you to build this highway says they don't want to spend money for the bridges, that you should just be able to swim to the other side because you can visually see it; forget the trucks needed to transfer supplies from one building to the other, they can swim too. You send a truck over to one site, it sinks and blows up and the contents are eaten by the sharks.

Basically each network is a large building complex, you need to get data from one building complex to the other, but you can't because you don't have a bridge set up for the data to go over. The packets get dropped because they can't traverse a different network segment because the bridge isn't up to travel across.

I hope that makes sense to you.


Well your boss sounds like an idiot ;)

How do you expect something on network say a.b.C.x to talk to gateway on a.b.D.x??

Your gateway has to be on the same network as you.

Either put all your devices on 1 network, or you're going to have to ROUTE -- PERIOD!!

What router(s) do you have?? You can route with $30 routers - You don't have to spend 300 or 3000 to be able to route.. More than likely if you have 3 soho routers now, you can set up what you want.. Post the model numbers of the devices you have currently as the gateways??

And either point to these other threads, or go over your setup again.. I vaguely recall something about .19 .20 .21 etc..

Quick example of routing - NO NAT with 3 wrt54g routers.

I can fill in as much details as you want, and walk you through it - just need to know what equipment you have and how its currently connected.

So here is a sample simple layout of 3 segments - internet through .19 network

post-14624-12925979991171.jpg

This can be done with $20 again.. Wrt54G works just fine for something like this -- you just need to change its mode from gateway to router so it does not NAT your traffic.. You can even run RIP if you want or just setup the routes manually.

In a nutshell you would have say the gateway router at 192.168.19.1, then routers for your other networks would have their wan interfaces on .19.2 and .19.3, and lan on .20.1 and .21.1

Now on the .20 router -- it would have a route to .21 to talk to .19.3 and default gateway of .19.1

.21 router would have route .20 to talk to .19.2 and default gateway of .19.1

.19.1 would have routes of .20 talk to .19.2 and .21 talk to .19.3 and default use the internet.

You don't always need to spend even hundreds of dollars in a ma and pop setup.. BTW you can add as many switches as you need to in this setup to add ports for each segment

Just need the details of what equipment you have now, and how it's currently configured and we can work out your issue for you.

edit: BUT in the END you have to ROUTE -- there is NO way around it -- it's IMPOSSIBLE to talk to other networks without routing.. But it can be done on a shoestring budget for sure.

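The three-router static-route layout described in the post above, modelled as an added example (not part of the original post and not any router's own configuration): each table is walked with longest-prefix matching to show which routers a packet crosses. The router names `gw19`, `r20` and `r21`, the /24 masks and the sample destination addresses are assumptions.

```python
import ipaddress

# Added example. Router names and /24 masks are assumptions; addresses and
# routes follow the post. Next hop None means directly connected, "internet"
# stands in for the ISP side of the .19.1 gateway.
ROUTERS = {
    "gw19": {"addrs": {"192.168.19.1"}, "routes": [
        ("192.168.19.0/24", None),
        ("192.168.20.0/24", "192.168.19.2"),
        ("192.168.21.0/24", "192.168.19.3"),
        ("0.0.0.0/0", "internet")]},
    "r20": {"addrs": {"192.168.19.2", "192.168.20.1"}, "routes": [
        ("192.168.19.0/24", None),
        ("192.168.20.0/24", None),
        ("192.168.21.0/24", "192.168.19.3"),
        ("0.0.0.0/0", "192.168.19.1")]},
    "r21": {"addrs": {"192.168.19.3", "192.168.21.1"}, "routes": [
        ("192.168.19.0/24", None),
        ("192.168.21.0/24", None),
        ("192.168.20.0/24", "192.168.19.2"),
        ("0.0.0.0/0", "192.168.19.1")]},
}

def next_hop(router, dst):
    """Longest-prefix match over one router's table."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop)
            for net, hop in ROUTERS[router]["routes"]
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def owner(addr):
    """Router that holds a given interface address."""
    return next(n for n, r in ROUTERS.items() if addr in r["addrs"])

def trace(gateway, dst, max_hops=8):
    """Routers a packet crosses, starting at the sending host's gateway."""
    path, router = [], owner(gateway)
    for _ in range(max_hops):
        path.append(router)
        hop = next_hop(router, dst)
        if hop is None:
            return path + ["delivered"]
        if hop == "internet":
            return path + ["internet"]
        router = owner(hop)
    return path + ["loop"]

if __name__ == "__main__":
    print(trace("192.168.20.1", "192.168.21.50"))
```
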

Guys,

I get that our network sucks, I've been trying to convince my boss of this for nearly a year but to no avail. I do not want Routes between them, I want completely separate networks, running on a single switch. Is this possible?

Thanks

Chris


A big question is, is he running them all through 1 internet connection, or does each network have its own connection?

If it's the former, then Budman has it nailed, if it's the latter, it will probably be more expensive to do properly than it would be to drop the other two connections.....but I have pretty limited networking experience so don't take my word on that statement.

Budman posted virtually the only solution above. You use 2 routers as "switches" with their own network IPs, then another router as a router that sits between those and your internet. As long as it's configured properly it will work. But if you have separate networks (separate internet connections and all) then I do not think it is possible without spending much more.

x.x.19.x, x.x.20.x, x.x.21.x

or

19.x.x.x, 20.x.x.x, 21.x.x.x

or

19.x.x.x, x.20.x.x, x.x.21.x

are all different networks and you need to have routes between them. I don't know what you aren't understanding here.

VLANs will perform your separation at layer2... however this will not (as explained several times above already) allow you to speak to gateways on different networks. Layer2 is flat LAN. You need layer3 to route outside of that flat LAN. If you, or your boss, do not understand this concept you are both morons...

If you want to be exceptionally cheap then you could go router on a stick - but even then you'll need a good router - BudMan has provided you with a 100$ solution that is not ideal but it will work.


As stated, if you have different networks and you want them to talk to each other then you have to ROUTE!! -- PERIOD, END OF STORY!!

But like I said you can do it for pennies!! What devices do you currently have?? And how are they configured??

Now you can run different address space on the same switch, but the devices will not talk to each other. If you want them to talk to devices on different networks, connected to the same switch, then the computers you want to talk to each other would need an IP on that network.

You do understand that computers can have more than 1 IP address, even in different networks on the same interface. So again please lay out your network, or point to the thread where you did and we can work out how you can do what you want for the LOWEST POSSIBLE cost.. But without knowing how you're currently configured, I cannot tell you what you need to do to make them talk to each other, and I need to know what equipment you have and how it's connected. Where is the internet connected, etc. etc..

edit: example of running 3 different network on the same switch

post-14624-12925999226298.gif

So devices that have an IP in the .19 could talk to the router and get to the internet. Devices with multiple IPs could talk to other devices on those other networks. But if the device does not have an IP on the .19 it would not be able to use the internet. Unless the internet route had an IP on that segment.

Happy to help you work it out if you can do what you want with current hardware, or a way to do it with buying cheap soho home routers for pennies, etc. But need to know how you're currently set up and what hardware you have to work with, etc.

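An added example (not from the thread) tying together the two points made above: VLANs separate traffic at layer 2, while different address ranges on one plain switch stop hosts talking only until a machine carries an IP in both ranges. The host names, addresses, VLAN numbers and /24 masks are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: name -> (access-port VLAN, addresses on the one NIC).
HOSTS = {
    "pc19":  (19, ["192.168.19.50/24"]),
    "pc21":  (21, ["192.168.21.50/24"]),
    "admin": (19, ["192.168.19.60/24", "192.168.21.60/24"]),  # secondary IP
}

def nets(addrs):
    """Subnets a host considers on-link."""
    return {ipaddress.ip_interface(a).network for a in addrs}

def direct_path(a, b, vlan_aware):
    """True if a and b can exchange frames without any router."""
    (vlan_a, ips_a), (vlan_b, ips_b) = HOSTS[a], HOSTS[b]
    # An unmanaged switch ignores VLANs: every port shares one broadcast domain.
    same_l2 = (not vlan_aware) or vlan_a == vlan_b
    # Both ends need an address in a common subnet; otherwise each one hands
    # the packet to its default gateway instead of resolving the peer directly.
    return same_l2 and bool(nets(ips_a) & nets(ips_b))

def cross_segment_paths(vlan_aware):
    """Pairs whose primary (first) subnets differ yet still talk directly."""
    found = []
    for a, b in combinations(sorted(HOSTS), 2):
        home_a = ipaddress.ip_interface(HOSTS[a][1][0]).network
        home_b = ipaddress.ip_interface(HOSTS[b][1][0]).network
        if home_a != home_b and direct_path(a, b, vlan_aware):
            found.append((a, b))
    return found

if __name__ == "__main__":
    print("flat switch:", cross_segment_paths(vlan_aware=False))
    print("with VLANs: ", cross_segment_paths(vlan_aware=True))
```

On the flat switch the only thing keeping the .19 and .21 machines apart is their address configuration; with per-port VLANs the secondary address no longer reaches the other segment and traffic between the two has to pass a router or firewall.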

If you want them to be separate, and have 1 common ISP, BudMan's scenario works fine: one Netgear/Linksys/D-Link/etc router for each network, all directly off the router for the internet network. Individual switches off each router. If you plug the routers into the 1 switch and disperse the gateways properly you could have it all off of one switch, but that would be a cabling nightmare as well as a logical nightmare.


No.

Okay, let's explain this a little better, I do apologize people, my descriptive powers aren't great.

Basically a senior member of the company is leaving soon and taking half the IT Hardware with him, most of the .19 network for example. So, for now, we've created another network .21, with a New DC and new Default Gateway on our SonicWall.

sonicwallconf.png

Now, the PCs we're keeping, we want to move over to this new network until the .19 PCs are removed from the building. Now, normally this'd be fine but the PCs in question are on the other side of the building and hooked up to the network via a fibre line going into a series of switches, so right now, we need to have .19 PCs and .21 PCs on the same switch, but nothing on the .19 can access the .21 etc. If nothing else, then I'll have to run an eth cable from the server room to the 'comms cabinet' and use another switch to completely separate things.


Well you need to get the switch cabled back to the SonicWall and you set the SonicWall as the default gateway for the machines and the SonicWall will operate at Layer3 and route between your networks... You should then be able to have ACLs on the SonicWall on each interface so you can control the traffic also.


But the 21 needs to access the 19?

Here is the thing, at the very least you are going to need a cheapy router if the 21 needs to access the 19 but the 19 not the 21. A router on the 21 network with the internet port plugged into the 19 network will allow the 21 to talk to the 19 but the 19 will not talk to the 21. The 21 is all NATed on a 19 address.

You would need to be able to assign a port an ip address on the sonicwall to be able to act as a router for that network. Maybe if it has a DMZ you could have a LAN and a DMZ ip to be able to route with. But any way you look at it you need something to be able to route with. I will let budman continue, he is better at explaining to the point of over explaining.

If all these networks exist on the SonicWall then he does not need a router. He can use the SonicWall.


So what you're saying is if I have the SonicWall have the following config:

192.168.20.254 on x0

192.168.19.254 on x1

192.168.21.254 on x2

Connect x1, 2 & 3 into a single Netgear Prosafe Switch, then have other switches and PCs plugged into this switch I should be able to access all three networks from any PC?

But what about the fact that we currently have three Domain Controllers all broadcasting DHCP and various servers with Static IPs? How will a PC that is currently on the .19 know to talk to the .19 and get its IP Address from the .19 Domain Controller DHCP?


What SonicWall do you have?? I'm fairly sure that the SonicWall can do inter-VLAN routing.. At least the higher end models for sure.

"How will a PC that is currently on the .19 know to talk to the .19 and get its IP Address from the .19 Domain Controller DHCP?"

You would need a switch that supports VLANs!!! So that they can be tagged as such, then your different DHCP scopes would work, or you could set up all 3 scopes on the same DHCP server.

Please DRAW OUT YOUR NETWORK!!!

You can get a switch that supports VLAN tagging for pennies!!

http://www.newegg.com/Product/Product.aspx?Item=N82E16833122381&cm_re=gs108t-_-33-122-381-_-Product

$100!


^ Good question snoop -- I would say they LIED on their resume ;) Or who hired them was their 2nd cousin, etc. ;)

edit:

Maybe they know the same person that hired Danny ;)


"If all these networks exist on the SonicWall then he does not need a router. He can use the SonicWall."

Depends on the model. Some are as smart as a Linksys router.


"^ Good question snoop -- I would say they LIED on their resume ;) Or who hired them was their 2nd cousin, etc. ;)

edit:

Maybe they know the same person that hired Danny ;)"

:laugh:

"depends on the model."

I would be very surprised if it didn't do Layer3 routing. It's not a transparent firewall so it simply HAS to be able to operate at Layer3. It does not even need to do the inter-VLAN routing as it's probably not even dot1q aware. It should just be the routing in/out of the networks. I doubt this dude even knows what a trunk port is :p
