Routers / Switches :: Separate Subnets Not Working As Described
Jun 25, 2011
I'm trying to set up 2 separate networks in my home, both of which have access to the internet through a single ISP. I have set up my networks using 2 routers as described in the "Version 2" scenario found here: url... The problem is, a computer connected to the LAN side of Router 2 is able to ping and map shared folders on computers connected to the LAN side of Router 1. According to the writeup (last paragraph), this should not be the case. I have been over the setup multiple times to ensure it is per the writeup but each time, I am able to ping and map. Are there some additional router/computer settings that I may be missing? FWIW, here's my take on what is happening (with the ping): When a computer on the LAN side of Router 2 (subnet 192.168.1.x) does a ping to a computer on the LAN side of Router 1 (subnet 192.168.0.x), Router 2 sends the request to its Default Gateway (since it's a different subnet). Router 1, however, recognizes this as its LAN side subnet and forwards the request to that computer. The ping response is then routed back from Router 1 to Router 2.
I have two groups of students I wish to separate by subnetting. Students are nine in each group, and there's one Cisco router (or W-server set as a router). After giving group A an IP of 192.168.200.1, and group B an IP of 192.168.200.129 and connecting each interface to its own separate switch, what else does each PC user need to do to establish communication with members not in his/her own subgroup?
My new employer has asked me to determine any issues that could be causing performance issues on our LAN. The network has two subnets and one of the first things that I noticed is that I cannot ping computers on subnet A from subnet B. I've looked into this and found a few things.
- I CANNOT traceroute to computers on subnet B from subnet A
- I CAN NMAP to computers on subnet B from subnet A
- Computers on subnet A CAN ping other computers on subnet A and computers on subnet B CAN ping other computers on subnet B
- Computers on subnet A CAN ping and access servers on subnet B
I am relatively new to networking and not exactly sure where to start investigating this problem.
With traditional classful subnetting, the same number of host bits is used to designate the subnet ID for all the resulting subnetworks. This type of subnetting always results in a fixed number of subnets and a fixed number of hosts per subnet. For this reason, this is known as fixed-length subnetting. The decision about how many host bits to use for the subnet ID is a big planning decision. There are two considerations when planning subnets: the number of hosts on each network, and the number of individual local networks needed. The table for the subnet possibilities for the 192.168.1.0 network shows how the selection of a number of bits for the subnet ID affects both the number of possible subnets and the number of hosts that can be in each subnet. One thing to keep in mind is that in all IPv4 networks, two host addresses are reserved: the all-0s and the all-1s. An address with all 0s in the host portion of the address is an invalid host address and usually refers to the entire network or subnetwork. An address with all 1s in the host portion is used as the local network broadcast address. When a network is subnetted, each subnet contains an all-0s and an all-1s host address that cannot be used for individual host addresses.
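The planning trade-off described above, worked through for the 192.168.1.0 network as an added example (not part of the original post). It assumes the classful /24 mask for 192.168.1.0 and counts every subnet as usable; the function names are illustrative.

```python
import ipaddress


def subnet_table(network):
    """One row per possible subnet-ID length in a fixed-length plan."""
    net = ipaddress.ip_network(network)
    host_bits = net.max_prefixlen - net.prefixlen
    rows = []
    # Stop while 2 host bits remain: fewer leaves no usable host addresses
    # once the all-0s and all-1s addresses are reserved.
    for borrowed in range(1, host_bits - 1):
        remaining = host_bits - borrowed
        first = next(net.subnets(prefixlen_diff=borrowed))
        rows.append({
            "borrowed": borrowed,
            "prefix": first.prefixlen,
            "mask": str(first.netmask),
            # Assumption: subnet zero and the all-ones subnet are usable.
            "subnets": 2 ** borrowed,
            # All-0s (network) and all-1s (broadcast) are reserved per subnet.
            "usable_hosts": 2 ** remaining - 2,
        })
    return rows


def subnet_details(network, borrowed):
    """(all-0s address, first host, last host, all-1s address) per subnet."""
    net = ipaddress.ip_network(network)
    details = []
    for sub in net.subnets(prefixlen_diff=borrowed):
        details.append((
            str(sub.network_address),    # host bits all 0: names the subnet
            str(sub[1]),                 # first assignable host
            str(sub[-2]),                # last assignable host
            str(sub.broadcast_address),  # host bits all 1: local broadcast
        ))
    return details


def viable_bits(network, subnets_needed, hosts_needed):
    """Subnet-ID lengths that satisfy both planning considerations."""
    return [
        row["borrowed"]
        for row in subnet_table(network)
        if row["subnets"] >= subnets_needed
        and row["usable_hosts"] >= hosts_needed
    ]


if __name__ == "__main__":
    for row in subnet_table("192.168.1.0/24"):
        print("{borrowed} bits  /{prefix}  {mask:<16} "
              "{subnets:>3} subnets  {usable_hosts:>3} hosts".format(**row))
    for detail in subnet_details("192.168.1.0/24", 2):
        print(detail)
    # 4 subnets of 50 hosts fits with 2 bits; 5 subnets of 50 hosts fits no
    # fixed-length plan, because a third bit leaves only 30 hosts per subnet.
    print(viable_bits("192.168.1.0/24", 4, 50))
    print(viable_bits("192.168.1.0/24", 5, 50))
```

An empty result from `viable_bits` means the two requirements cannot both be met by any single subnet-ID length on that network.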
I have a 4-port Netgear modem/router (DG834), and need to distribute its Internet connection according to the following criteria:
1. There are 11 access points (3 wired, 8 wireless) across 4 floors of a building - all cabling is from a central point, which will connect through a switch. Cat 5e cabling is in place.
2. The wireless points need Power over Ethernet connections.
3. The 4 router ports serve 2 PCs and a printer in an office, the fourth being the connection to the switch.
4. There must be network separation so that:
- all points have Internet access
- there are three separate groups - one for the office, one for staff (wired) and one for guests (the wireless points), the purpose being to ensure that no user in one group can access any user's device in the other 2 groups.
I'm assuming VLAN is the method for this.
5. Traffic on the network is likely to be fairly low: casual use of the wireless ports, the office PCs only being used for Internet access and email; no transactional systems, large databases or other resource / network-intensive functions.
1. Both the Netgear FS726TP and GS724TP look as if they will do what I want, using WNAP210 wireless access points. Could I achieve the same outcome with 2 x GS108PE switches? Any other hardware recommendations?
2. Do I need any additional hardware?
3. Are there any other considerations I have not thought of?
access-list <#> permit/deny <protocol> <sourceAddress> <sourceMask> <destinationAdd> <destinationMask>
Say I applied an ACL inbound on Fa0/0, would the source address be outside the LAN? So if I took the same ACL and applied it as outbound, would the source need to be changed to an IP inside the LAN? I am a bit confused by the data flow I'm seeing in Packet Tracer simulation mode too. I set up an ACL for testing purposes "access-list 199 permit ip 184.108.40.206 0.0.0.63 any" set as inbound, the idea being it permits any traffic from the .0 subnet. When I watch the packet in the simulation, it makes it to the destination address then is dropped by the router on its way back out to the sender.
My office PC's internet ADSL router is connected on the USB port and the office intranet router is connected to the LAN port through a CAT-5 cable. Both have different gateways. I have manually configured both USB and LAN but internet and intranet don't work together. I am required to disable one connection to connect the other one. I want to remotely connect to my office PC and work on the intranet (Oracle database). I connect through TeamViewer but as the internet is on, the intranet doesn't open. I tried to add the intranet gateway through the command line also but it didn't work. Office PC is XP; home PC is Vista.
I've been having some issues with my internet. I had an attack on my PC recently by some American organization. I've reinstalled new Windows on my PC, reset my modem, and nothing seems to work. I have too many tunnel adapters in cmd ipconfig, I think. Bell Canada hooked up my internet lines and they actually joined two or more wires together and strung them up on the neighbour's fence and mine and even wrapped it around a tree branch, god knows why they would even do that, maybe they think when the tree grows it will cost me money to fix it and they'll earn from their mistakes instead of learn from them... Anyway, this is my ipconfig test results as explained in previous post from someone.
Windows IP Configuration
I have Windows 7 x64 and I'm using ICS to share my internet connection (cable-modem router from Comcast) with another 4 computers in my LAN. Today I decided to install a free VPN program called HOTSPOT SHIELD, and after installing it I can browse the Internet fine with this main computer, but the others in the LAN lost internet connection, although file sharing still works fine and I can see the networked computers in Windows Explorer or access them remotely with Remote Desktop Connection. I noticed that the Hotspot Shield program added several routes to my routing table, most of them in the IP range 10.31.X.X with a mask of 255.255.248.0, so this virtual network card that is created has a VARIABLE IP address 10.31.X.X; the first time I monitored it, it was 10.31.40.20.
The modem Time Warner gave me several years ago was dying, I took it in, they gave me a Cisco modem, I plugged it into the computer, works fine, so then I plugged it into my Airlink 101 wireless router, the computer recognizes the router but says there is no internet access, i.e. the modem and router are not communicating. Why would a change of modem cause lack of communication with the router? Is there something different about modems now compared with roughly 5 years ago? And what can I do to fix it so I can have wireless access again? If it matters, I have no protection on my wireless (because I never figured out how).
I have two separate companies both with staff at two locations and their own networks connected with a wireless antenna which provides a high speed LAN connection between offices. I only have a single path through this antenna bridge. I have an SG200-08 switch at each end. What I am attempting to do is utilise the switches to take the two subnets at one office, combine them to one for transfer through the antenna bridge, and then resolve them into the two separate networks again at the other end.
I have two cabinets in a datacenter with four available cross connect cables. I would like to set up two LAGs between the two switches each of which will carry one vlan across to the other. My default vlan contains all of my servers on it (10.0.0.0/8), and my backup vlan (192.168.200.0/24) will only be used for iscsi traffic and data backups. At the moment, I have one cable connecting the two switches and it works fine for the default vlan. When I add in a second cable and set it to vlan 200, no matter what settings I try it just doesn't pass traffic. I've made several attempts to get the second connection working, tagged, untagged, trunk, access, etc.
We have 2 separate networks here, 1 for data (192.168.0.x) and 1 for VOIP phones (192.168.3.x).
I need them to both be connected to different ports on a switch (Cisco SG 300 10 port managed switch) which is then linked to another switch (Cisco Catalyst 2960 48 port switch). Then on this 2960 switch I want the link to be split back into the 2 separate networks. I think that I need to create 2 separate VLANs and assign them to different ports.
I have had the Netgear 3300 Dual Band for three years. Every time I wanted to access using my laptop, I had to choose between 2.4G and 5G connection. For about a month now, the 5G does not show up. It doesn't show up as a network to select no matter what device I use. I have reset the router and updated the firmware. Both connection lights are blinking. I recently purchased an iPhone 4 and still I do not have the option of selecting 5G.
I am having a problem in connecting two Cisco 2960 Switches between two different buildings using Cisco WLC 2504 & 3 Wireless 1552S APs.
- One AP is directly connected to Switch - 1 where WLC is connected and serving as a RAP
- Another one is working as Mesh in the field.
- Third one is a Mesh Access Point wired to another Switch - 2. (Bridging is enabled)
All the APs, WLC & switches are in the same network 10.3.x.x, subnet mask: 255.255.240.0. WLC is working with default management interface whereas switches are having VLAN1 configured as default VLAN. All the ports for the switches are Trunk ports. Once I am trying to ping the RAP or any MAP from Switch - 1 I am successful but once I am pinging Switch - 2, it's not replying. Similar is the case from Switch - 2 side.
Created 2 separate VLANs on SGE2010P switch. Neither in Native VLAN 1.
- Port g01 in VLAN 56
- Port g25 in VLAN 56
- Port g10 in VLAN 10
- Port g37 in VLAN 10
All appears to work well within the respective VLAN (i.e. DHCP, ARP, etc. no IPs from other VLANs). STP - Spanning Tree is globally disabled.
However; when I feed a new network (which has STP enabled) into VLAN 10; I then plug a laptop with Wireshark running into VLAN 56 - cannot see any other traffic/packet...except STP packets coming from a CISCO device on VLAN 10 while I am plugged into VLAN 56.
This demonstrates to me the network is not truly separated. I know this because last night I crossed two networks and caused havoc; ouch. I configured a D-Link switch with the same scenario and no issue.
We have two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Here's how we envisage setting it up:
ESW-520 will host Company A's network. Workstations, servers etc. SG-300 will have two VLANs. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICs. 2 NICs are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.
I have an issue with a Cisco 3750 switch stack which is connected to two separate upstream Cisco 3750s which are administered by an ISP. The ISP is experiencing MAC address flapping from one of my VLAN SVIs I am using to route traffic upstream.
As you can see I utilise a VLAN SVI to route traffic to the upstream 220.127.116.11 (illustration only) IP. As per the diagram of the topology attached, the ISP is receiving a MAC address flapping error confirming the SVI MAC address from my switch stack is being learnt on the trunk port connecting switch 1 and switch 2, and also the port (Gi1/0/48) directly connected to my switch stack. As these are all Layer 2 links essentially being passed upstream and then connected between the two ISP switches, we have a 3 way triangular loop formed.
If I was to remove the port channel configuration from the two ports associated with the VLAN SVI, am I right in suggesting this would still form a layer 2 loop? The two ports would still be a member of the SVI VLAN, and it is the VLAN MAC address which is being learnt by the two ISP switches on different interfaces.
I have three routers and 2 ISPs but I'd like to focus for now on a configuration with only one ISP provider. Here is my environment:
Netgear Cable (CBVG834G) wireless router
On the cable router is connected multimedia type equipment (TV / IP set top box / IP amp) located in the family room
DHCP ON (because I can't get internet connectivity when I assigned a fixed IP address; I come to that later)
IP Address: 192.168.1.2
DHCP range: 192.168.1.10/ 19
Reserved IP: 1218.104.22.168 for the Dlink
4 DEV are connected
D-LINK (DIR-855) wireless router, mainly PCs, NAS (x2) located on the first floor.
DHCP ON
LAN IP Address: 192.168.0.1
DHCP range: 192.168.0.100 / 120
WAN IP address: 192.168.1.10
6 PCs are connected
Everything works fine from an internet connectivity standpoint:
DEVx can connect to internet fine
PCx can connect to internet
PCx can access DEVx
Now the issue: DEVx can't access resources from PCx!
I have a static DSL connection and my ISP is giving me 4 static IPs. I have connected my RV042 to the DSL modem and I have now 1 subnet at 192.168.0.0. What I want to create is a WEB server/Email server, but to sit on a different subnet - 192.168.5.0. For now I have connected the server to the DMZ port, but I am unable to access it from WAN, only from LAN. How to configure properly the 2 subnets (192.168.0.0 and 192.168.5.0) and how to forward my static address to the server which I wish to be on the 192.168.5.0.
At the small church I attend, and where I'm the IT guy, we have an RVS4000 router which has worked well for us including the VPN capability. Our internet connection is through AT&T (not my choice) and last week we had to switch from DSL to U-Verse because AT&T is doing away with the former.
Unfortunately as part of this switch, the old modem was discarded and an NVG510 installed. The NVG510 is a combo modem/router. But since it doesn't have VPN capability and is not as good a router all around as the RVS4000 (even though the 4000 is an aging device), I am trying to run both.
I finally figured out how to set up IP Passthrough on the NVG510 so now VPN is again working to the RVS4000 so that's not an issue. We do have a couple of PCs that are in a room where no wired connections are possible so they are using wireless. But they are not very close to the wireless antennas so they don't have the greatest throughput. The NVG510 does have wireless capability and is physically located to where it would provide a much better signal. However, the NVG510 will only use a 192.168.x.x subnet and our LAN is set up for 10.x.x.x. I'm not about to change the LAN as it runs a Windows domain with enough equipment that I don't want the exercise of changing subnets. Can the RVS4000 be set up so that it will route domain traffic between the 2 subnets? As it is now, connecting a PC to the 192.168.x.x subnet on the NVG510 allows it to have internet access but it can't access domain resources on the 10.x.x subnet. I don't understand networking well enough to know why this won't work. I know it can because when I worked for a large corporation, they had different subnets that were routed so that PCs on one subnet could be on the same Windows domain as PCs on another subnet and all access resources on both subnets.
The RVS4000 may be capable of doing this but my limited knowledge of networking (I know servers, not switches, etc) means I'm not sure of what I see on the router to know if it can do it or not. I'd be appreciative to know first off if the RVS4000 can do it, and secondly if it can, then how to set it up. I've worked with the RVS4000 since we got it 3+ years ago so I'm fairly familiar with it, I just don't know the rest.
I am in the process of migrating our existing server farm subnets to our new Nexus server farm and I discovered something I wasn’t expecting. My intention is to migrate our existing legacy server farm which is comprised of four paired 3750 switches off of our core 6509s and onto the Nexus and connect them to the 2232s via multi gig port-channel connections, two port channels per switch stack.
NOTE this is expected to be a temporary move as next year we intend to install additional N2Ks and move servers over to these directly. But to minimize the outage/downtime it will be better to move the subnets and switches all at once.
These connections would be grouped 1 gig connections as port channels, one from each switch into one of the two 2232s.
Problem I discovered is Cisco does not intend to have switches connected to the Nexus and it immediately disables the ports when they see BPDUs.
I found a config that does work and it does fail over from one port-channel connection to the other but with the limitation that when the original port channel comes back online it does not fail back over to the original one, an acceptable situation for us. But I am wondering if Cisco would support this design if we did experience issues down the road.
The only issue I really see is to get it to work the config is different on the two N5Ks, see the pert config below for the connections. Both are running the same OS
augs1-ba-ar17# sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: [URL]
I'm having a problem viewing devices on my home network. To better explain I created this diagram of my Home Network below. I have a Cisco VPN Router and connected to that I have a Netgear WRN 1000v2 Router & Linksys WRT54G2v1 Router. I used to have my home network connected to only one router and I was able to see and connect to other devices. Now my networks are separated, I think it has something to do with subnet masking and the IP addresses on the routers.
I have Verizon FiOS with a modem that has a built-in router. I purchased a secondary router so as to separate what devices go online. Now I did the easy setup wizard and connected the secondary router successfully however there is no Internet connection. How can I separate the routers and use the same internet connection?
I have five static IPs that I would like to fully utilize, by NAT'ing them to internal VLAN subnets. I read that the RV180 can do this, but I am having difficulty in finding a working recipe. I have assigned xxx.xxx.xxx.2 to the RV180 WAN interface.
I have created four additional VLANs 2-5 and assigned to ports 1-4 with subnet interfaces 192.168.2.254, 192.168.3.254, 192.168.4.254, and 192.168.5.254. I have set the default VLAN to untagged on all ports. VLANs 2-5 are set to tagged for their respective port (1-4) and exclude for other ports. I have set DHCP relays to 192.168.1.202 which is my DHCP, DNS, AD services.
I read some months ago that when the first static IP address is assigned to the WAN port, that the VLAN ports will accept tagged packets on their ports and NAT them to the respective successive static IP (sounds a bit like magic to me). Regardless, I read that the RV180 can provide VLAN subnet NAT to up to 5 static IP address. I am not looking for 1 to 1 NAT, not the same. I want to perform NAT on the four additional VLANs in the similar manner that VLAN 1 (default DMZ) IPs are NAT'd to the static WAN address. As in everything outbound on 192.168.1.0 is NAT'd to xxx.xxx.xxx.2
Additionally I would like all DHCP assigned by my DHCP server which I believe is accomplished with the DHCP relay setting on all five VLAN subnets, which point to the DHCP server 192.168.1.202
Lastly, I am trying to configure VPN connectivity into my DMZ network. I have configured a few accounts, enabled for PPTP. I have configured PPTP and am issuing 192.168.1.70-80. The VPN connection seems to work great without the use of Cisco quick VPN. I can see the remote picking up the 192.168.1.71 IP address as the VPN connection is made. From the remote I can ping IP addresses on the DMZ subnet 192.168.1.X. How can I configure the Cisco RV180 PPTP server to provide the DMZ DNS IP addresses? These addresses need to be 192.168.1.201 and 192.168.1.202.
I feel I am almost there, in working out the VLAN subnet to Static NAT. I suspect it will be some routing configurations. The ISP business gateway on the WAN side that I point my router to which is owned by Verizon, is xxx.xxx.xxx.1 I have a /29 making IPs xxx.xxx.xxx.2-6 available to me.
Now let's say I am branch 1: I can access the 10.10.1.0/24 network but can't access the 10.10.5.0/24 network, meaning I don't have a branch-to-branch connection; it should be through HQ, meaning my RV042 at the branch should forward all traffic to HQ for the other branches also. Under VPN tunnel, if I try to configure remote destination 10.10.0.0/21 it's not allowing me; it says the network is overlapping with the local network. How can I solve it? I know how to do it in Cisco; we can permit those networks in access lists.
I have two dir655 routers that are connected. The second router is not setup as a wireless access point, but I am open to that if it will work. The second one is going to serve as a public wifi in a business, with a separate SSID. The first one is going to handle the local business network, with its NAS and printers. How would I prevent the public wifi from accessing the first router?
I have tried the guest wifi partition setting, however it still allows access to the LAN devices on the first router. It does partition with the second router properly though, but that's not worth anything to me because there are no LAN devices on the 2nd router.
Would it work right if I turn the 2nd router into an access point, disable the DHCP server, and set it up with the guest wifi partition?