
RV082 - 1 DSL - 2 systems that must be isolated

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by DDogg, Jul 17, 2007.

  1. DDogg

    DDogg LI Guru Member

    RV082 - 1 DSL - 2 server systems that must be isolated

    I am feeling brain dead and could use some coaching on a requirement from a customer. Basically he has a 2000 server network now and wants me to build and add a separate 2003 system with workstations. The requirement is the two systems must be totally isolated from one another. Separate switches, etc.

    Fine, no problem, except there is one DSL connection with a dynamic IP. How can I use the RV082 to provide both systems Internet access and still be able to swear on a stack that the systems are fully isolated?

    Alternatively maybe I could get 2 static IPs from the DSL provider, but the two systems would be co-joined at a switch in front of the routers ... I don't know if that will fly and I am feeling like a total dummy right about now.

    Any other solutions needed and appreciated. Else, I guess I'll tell him we need a 2nd DSL connection, but I know there must be a way to do this without that.
     
  2. d__l

    d__l Network Guru Member

    Would the RV082's VLAN capability be enough to satisfy the separation requirement? Put some or all of the 2000 server network on one VLAN and the 2003 network on the other VLAN. The two networks should be isolated as long as the RV082 isn't tampered with.

    He might need two DSL connections for the bandwidth requirements of two networks though.
     
  3. vpnuser

    vpnuser LI Guru Member

    You could use port-based VLAN. For example, assign ports 1-4 as VLAN 1, and ports 5-8 as VLAN 2. PCs on one VLAN won't see PCs on the other VLAN.
     
  4. DDogg

    DDogg LI Guru Member

    Yes, I guess it would work technically ... so long as I can protect the router from internal and external tampering as you mentioned (external being somebody changing the cat5's around). Also, I could disable all but the two ports going to the two switches for the separate networks.
    Very low bandwidth needs so ok there.

    Thinking out loud here a bit - They would still be using the same subnet although the VLAN would keep them from talking. Ideally I would like to have two completely different sets of numbers for the 2 VLANs (if nothing else to keep it straight in my mind). I suppose I could use a small router for DHCP after VLAN 2 to change them if that was important. Given the low bandwidth usage the double NAT would not be too bad. It is kinda ugly tho. Thoughts?

    Thanks to both of you for responding. Always easier when there is somebody to talk it out with.
     
  5. d__l

    d__l Network Guru Member

    I think the ability to manage a second subnet behind the RV082 has been added to the more recent firmwares. I don't know how this would interact with two VLANs.

    From the RV082 help file:

    "Multiple Subnet Setting: This feature allows users to take the existing address allocation and split it up into multiple networks. Click Add/Edit to add new subnets by entering LAN IP Address and Subnet Mask and then clicking Add to list."
     
  6. DDogg

    DDogg LI Guru Member

    Man, I just don't get that (feature). Seems to break the VLAN separation, but maybe it is supposed to? I played with it and added 192.168.10.1/255.255.255.128 to my existing 10.118.98.1/255.255.255.0

    Then, on the machine plugged into VLAN2 I set up a static of 192.168.10.100/255.255.255.128 GW 192.168.10.1

    The machine on VLAN2 then pinged VLAN1 10.118.98.10x just fine. Admittedly, I don't get what this feature is for, but why should it allow VLAN2 to talk with VLAN1? Confusing.

    When I deleted the added subnet the machine on VLAN2 was isolated again.
     
  7. d__l

    d__l Network Guru Member

    I've never really understood the intent of the added subnets either. Are two different subnets on the LAN intended to be pingable and have communication? Perhaps then they aren't intended to be used with the VLAN feature which is supposed to partition the various ports into non-communication.

    I guess you could divide up a subnet for the two VLANs.
     
  8. mgeorge

    mgeorge Guest

    I know this is just a rehash of the earlier statements but has anybody ever used the 'Multiple Subnet Setting' in some useful context? It seems as if there is a key set of additional settings & instructions that are missing.

    As suggested earlier, if they were grouped together on the VLAN setting page and allowed for each VLAN to be assigned to a subnet then it would be very useful.

    I must be thick as a brick today (gotta be the humidity) but I don't really see much value in that setting in its current form.

    If anybody has some helpful insight it would be appreciated.
     
