2 Separate networks, 1 Gateway - How?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Techmonkeys

Thread Starter
Joined
Feb 10, 2005
Messages
625
Not being a networking guru, this has me a little confused.

We have our main network at the office, but now we have rented some space out to a second company, who will use our gateway for access to the internet.

Obviously they need to be connected to our router, but I don't want them to be able to see anything on our network.

How can I separate the 2 networks, but use the same gateway?
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,630
Two ways: physical separation or virtual separation.

Physical. You'll need to pick at least another router, preferably two. In the one additional router scenario, you would put them immediately behind the existing router. Then you would cascade the new router from the existing router and put your clients behind the new router. The drawbacks are that you will have to re-IP your clients and there is a chance (probably small) that someone over at the other company might do something nefarious such as a man-in-the-middle attack. Adding two additional routers will give you better separation. You would then put your clients behind one of the new routers and the other company will be behind the other new router. These new routers will then cascade off the existing router. The drawbacks of this are additional expense, the need to re-IP your current clients, creation of three new subnets, and increased complexity in your network.

Virtual. This is by far the cleanest and what I like to do in situations like this. You will need to get a router/firewall and switch which supports 802.1q VLAN tagging. You create two VLANs. From the router/firewall, you create the two VLANs and a trunk port is built which accepts multiple VLAN traffic on one physical interface. You then create the two VLANs on the switch and assign each of the switchports to the respective VLANs. At the router/firewall, you create access rules preventing the new company from talking or seeing traffic on your network and you're done.

Some may argue that you can just give them a new subnet, which can be configured on routers which support routing of multiple subnets, as good enough security-wise. I tend to say no, as even though they are on a different subnet, the physical access is there where someone can do some IP reconnaissance and configure one of their boxes to sit in your subnet.

So those are my thoughts.
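
Added example, not part of zx10guy's reply: a simplified Python model comparing the "separate subnet only" design with the VLAN design described above, to show where the router's access rules actually get a chance to apply. The addresses, segment names and the ingress source-address check are assumptions made for this illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not taken from the thread).
OFFICE_NET = ip_network("192.168.10.0/24")
TENANT_NET = ip_network("192.168.20.0/24")

# segment = layer-2 broadcast domain the host is plugged into
Host = namedtuple("Host", "segment ip")

def reachable(src, dst, segment_nets):
    """Simplified model: can src deliver a packet to dst?"""
    s, d = ip_address(src.ip), ip_address(dst.ip)
    nets = segment_nets.get(src.segment, [])
    # Same broadcast domain and same subnet: delivered at layer 2,
    # so the router's access rules are never consulted.
    if src.segment == dst.segment and any(s in n and d in n for n in nets):
        return True
    # Everything else is routed. Rule 1 (anti-spoofing): the source address
    # must belong to a subnet assigned to the ingress interface.
    if not any(s in n for n in nets):
        return False
    # Rule 2: internal networks may reach the Internet, never each other.
    return dst.segment == "wan"

def evaluate(office_seg, tenant_seg, segment_nets):
    office = Host(office_seg, "192.168.10.5")
    tenant = Host(tenant_seg, "192.168.20.5")
    # Tenant machine manually re-addressed into the office subnet.
    moved = Host(tenant_seg, "192.168.10.99")
    internet = Host("wan", "203.0.113.10")
    return {
        "tenant->office": reachable(tenant, office, segment_nets),
        "readdressed->office": reachable(moved, office, segment_nets),
        "readdressed->internet": reachable(moved, internet, segment_nets),
        "tenant->internet": reachable(tenant, internet, segment_nets),
        "office->internet": reachable(office, internet, segment_nets),
    }

# Design A: two subnets routed on one shared switch fabric.
SHARED = evaluate("lan", "lan", {"lan": [OFFICE_NET, TENANT_NET]})
# Design B: one 802.1Q VLAN per company, rules bound to each VLAN interface.
VLAN = evaluate("vlan10", "vlan20",
                {"vlan10": [OFFICE_NET], "vlan20": [TENANT_NET]})

if __name__ == "__main__":
    for name, result in (("shared L2", SHARED), ("VLANs", VLAN)):
        print(name, result)
```

In the shared design the only failing isolation check is the re-addressed machine, which is exactly the gap the reply warns about; return traffic and switch-level hardening are not modelled.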
 