https://i.imgur.com/ugyO5C4.png
As you see in the image above, I'm seeking help with making both Vlan connections (Vlan10 and Vlan20) be able to communicate with the Coffe Maker Machine, What should I do?
The way I can think of is via Inter VLAN routing
Inter VLAN routing is a process in which we make different virtual LANs to communicate with each other irrespective of where the VLANs are present (on same switch or different switch). Inter VLAN Routing can be achieved through a layer-3 device i.e. Router or layer-3 Switch. When the Inter VLAN Routing is done through Router the it is known as Router on a stick.
So you can just assign the Coffe Maker Machine to one vlan and have the router handle the communcation. Router on a Stick tutorial
Related
I have two routers:
Router A
Router B
Router A is the primary router and B is the one with lowest priority in HSRP.
What I did was to configure 3 subinterfaces with encapsulation dot1 to assign them to a VLAN.
Everything is clear to me up to this point:
I want to have a DHCP pool for each VLAN, I used the HSRP virtual IP as the gateway, but I configured DHCP exactly the same on routers A and B. I have an itch that says me even tough it works on packet tracer, it is not a correct configuration, due to having 2 DHCP servers on the same network. Is my itch correct or this is how is supposed to work?
Thank you for your answers!
so the setup I've got:
Main Router which receives the internet connection and is my primary WIFI network: 192.168.1.0/24
Secondary Router which I've connected via the following method to create a separate LAN: 10.3.3.0/24. Main Router's LAN port --> Secondary Router's WAN port.
I've got this setup fine and can get internet from the Secondary Router's LAN, no problem.
My question is: Is it normal behavior to be able to ping a device connected to the main router from the secondary router?
I would like to isolate devices on each LAN so that devices connected to the separate LAN's can't communicate and wondering if I'm able to achieve this using 2 consumer grade routers?
Cheers!
This is normal behavior because the secondary router knows that IPs in the 192.168.1.0/24 subnet should be forwarded to its WAN port, so it can access hosts connected to that network.
Sadly, you usually can't create 2 segregated subnets with 2 consumer-grade routers, as these only have 2 network interfaces (one for WAN and one for the built-in switch).
I also do not recommend doing this, as double NAT can have unexpected side effects. If you really want to separate devices on your local network, looking into VLANs is a better way. You can use your existing router but will need a compatible switch.
If your routers support vlan management you should use separate vlans for both subnets. Otherwise you cant devide your networks.
I'm writing to you because I can't solve a problem with a client.
My client has an infrastructure with the following characteristics:
2 ISP routers
1 fortigate firewall
1 dedicated router that broadcasts a UCOPIA US250 guest portal
65 Zyxel switches (1900 - 24) and one 4600 switch (4x 24 ports for the core network)
250 WIFI LIGOWAZE NFT terminals
80 VLANs
I do not manage the first 3 equipments, it is another provider.
Today, I have to pass the VLAN dedicated to the guests.
The other provider has set up the FORTIGATE to broadcast the DHCP and the associated VLAN on the DMZ port to the OUT port of the UCOPIA.
I have to broadcast VLAN 420 from the IN port to the ZYXEL switch and to the LIGOWAVE terminals.
However, when I am connected to the UCOPIA on the IN port, I manage to get the desired IP and to reach the portal, but when I test on the ZYXEL switch, it is impossible to get the dedicated VLAN.
I put myself on another port of the ZYXEL, I TAG the VLAN in question. I have modified the ID of my VLAN on my computer in DHCP that does not work. I tried to use static IP but still nothing. I can't even ping the gateway.
The ZYXEL port to which the UCOPIA is connected is TAGGED on the dedicated VLAN. I have also tried Untagged and excluding all the other VLANs but it is impossible to get this network.
Do you have any other ideas for me?
Here, you can see my diagram network:
MyNetwork
I resolved my problem.
I configured Switch like that:
Untagged dedicated VLAN
But i forgot to change the PVID VLAN.
I changed it and that work !
Just in advance im sorry for my limited expertise with networking, i know the basics tho...
So the issue i have which i am hoping someone can shed some light on..
I want to have 2 routers, each with either own vlan, and i want one router to be able to talk the other but not vise versa,
So my Main router (192.168.1.1) is connected to the modem,
I want to get a second router and connect it to my main router,
The second router i want to have its own vlan (192.168.2.1)
Now that part is pretty easy, here is where i am in over my head
I want the computers on my Main router, to be able to access the ones on the second router... like ping, RDP, ETC
BUT - i dont want the computers on the second router to have access to the ones on the main router.....
Is this possible?
Thank you,
If you are using home routers the key is in the WAN interface.
All the hosts connected in the LAN ports can access the hosts in the WAN port, but not viceversa. Your border router act this way: if you want a hosts communicate directly from WAN to LAN you have to forward a port. For example, if you have DVR with cameras and you want to monitor them from Internet, you will have to forward the ports the DVR uses.
So, you could connect in the 192.168.2.1 subnet (just to clarify, this is not a VLAN, this is a subnet, or you can also call it just a net, VLANs are another thing) the PCs that you don´t want to be accessed from the other hosts.
VLANs are kind of partition of a LAN where the broadcast can propagate inside it but cannot go out. They are used for security, performance and easy of administration. They belong to the 2nd. layer of the OSI model.
The final topology in your case is as follows:
Let´s separate your computers in two groups: group A are the ones you don´t anyone has access and group B are the ones you want to be accessed from another PCs.
First you have your modem connected to the router that will act as border router. It´s LAN IP will be 192.168.1.1/24 (/24 is a notation for the subnet mask 255.255.255.0).
To that router you will connect to it´s LAN ports the group B PCs with IPs ranging from 192.168.1.2 to 192.168.1.254 (.0 is reserved, .1 is you border router and .255 is also reserved).
Also to that router you will connect the second router to its WAN port. In the second router you will set an static IP in its WAN port that belongs to the subnet of the border router. For example 192.168.1.2.
The second router LAN IP will be 192.168.2.1/24. Finally, you will connect the group A PCs to the second router LAN ports. With IPs from 192.168.2.2 to 192.168.2.254. This will be the more "protected" LAN.
I hope this could help!
Gonna use 'ROUTER ONE' and 'ROUTER TWO', for my examples.
I have two routers, one on wireless one on ethernet. Both have different names. I want windows to just use the internet connection on ROUTER ONE and not use the connection on ROUTER TWO, but I still want to access ROUTER TWO's IP. At the moment to use the network I have to unplug the cable, as I get on the site I want, then the OTHER router takes me too another network saying that the connection is unavailable.
So then, what do I do?
The router names are irrelevant, all that matters is their IP addresses. You can tell a computer which router to use by setting it gateway address to that router's internal IP address. You can do that in the DHCP settings if you want it applied network wide.
As far as accessing both routers it all depends on how your network is set up both physically and its IP scheme. If both routers are on the same physical network and IP scheme you should be able to access them. If they are on the same physical network but on different IP schemes you can assign a second IP address to a computer that is compatible with the second scheme so you will be able to access the second router.