1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

2 Separate networks, 1 Gateway - How?

Discussion in 'Networking' started by Techmonkeys, Sep 23, 2008.

Thread Status:
Not open for further replies.
  1. Techmonkeys

    Techmonkeys Thread Starter

    Feb 10, 2005
    Not been a networking guru, this has me a little confused.

    We have our main network at the office, but now we have rented some space out to a second company, who will use our gateway for access to the internet.

    Obviously they need to be connected to our router, but I dont want them to be able to see anything on our network.

    How can I separate the 2 networks, but use the same gateway?
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Mar 30, 2008
    Two ways: physical separation or virtual separation.

    Physical. You'll need to pick at least another router preferably two. In the one additional router scenario, you would put them immediately behind the existing router. Then you would cascade the new router from the existing router and put your clients behind the new router. The drawbacks are that you will have to re-IP your clients and there is a chance (probably) small that someone over at the other company might do something nefarious such as a man in the middle attack. Adding two additional routers will give you better separation. You would then put your clients behind one of the new routers and the other company will be behind the other new router. These new routers will then cascade off the existing router. The drawbacks of this is additional expense, the need to re-IP your current clients, creation of three new subnets, and increased complexity in your network.

    Virtual. This is by far the cleanest and what I like to do in situations like this. You will need to get a router/firewall and switch which supports 802.1q VLAN tagging. You create two VLANs. From the router/firewall, you create the two VLANs and a trunk port is built which accepts multiple VLAN traffic on one physical interface. You then create the two VLANs on the switch and assign each of the switchports to the respective VLANs. At the router/firewall, you create access rules preventing the new company from talking or seeing traffic on your network and you're done.

    Some may argue that you can just give them a new subnet which can be configured on routers which support routing of multiple subnets as good enough security wise. I tend to say no as even though they are on a different subnet, the physical access is there where someone can do some IP reconnaissance and configure one of their boxes to sit in your subnet.

    So those are my thoughts.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/752541

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice