- Joined
- Feb 11, 2013
- Messages
- 40 (0.01/day)
Let me say up front that I apologize for the length of this post, but I wanted to give as much detail as possible..
First a little background..
(refer to this diagram http://sjfm.us/temp/network_topology2.jpg for specifics)
I have a little computer shop at a local Flea Market. In addition to my shop's NET needs, I also provide WiFi Hotspots for the entire Flea Market and I admin 2 different IP based Security Surveillance systems, one for the Flea Market and one for my shop..
There are three main subnets in play here..
10.1.10.xxx
192.168.20.xxx
192.168.1.xxx
As you can see by the above diagram, there are also 3 distinct LANs in play.
The Shop's LAN (upper left, 192.168.20.xxx)
The FM Office LAN (upper right, 10.1.10.xxx)
The Grid (lower, a mix of 10.1.10.xxx, 192.168.1.xxx and 192.168.20.xxx subnets)
Now, here is what I need to happen..
The EXETER workstation (upper center) has 3 NICs in it and must have complete unfettered access to all 3 subnets AND to the Internet. That is my main workstation.
The FM Wifi Hotspot grid (192.168.1.xxx) must be completely isolated and ONLY have Internet Access. It cannot be allowed access to the 192.168.20.xxx and 10.1.10.xxx subnets
The YORKTOWN workstation is the Shop's Security Surveillance server. It's on the 192.168.20.xxx subnet, but it needs to have access to a couple of The GRID's .20.xxx IP Cameras.. The workstations on the .20.xxx subnet must have NET access and that's all that is required. I also have (not pictured in the diagram) a Linksys WRT54G running DD-WRT that provides Wifi access to the net from the shop. This has a DHCP running but causes some problems for other subnets. More detail on that later..
Which brings us to.....
The LEXINGTON workstation (sensing a pattern??
) is the FM Security Surveillance server and has access to the 10.1.10.xxx IP cameras from The GRID and has it's Internet access thru the FM Office Comcast Account.
I have this setup and it does appear to work OK. The 192.168.1.xxx WiFi routers do give NET access to the masses, but sometimes (for no apparent reason) the DHCP server from the 192.168.20.XXX DD-WRT Linksys sometimes "gets in the way and gives out .20.xxx IPs to computers connecting that SHOULD have .1.xxx IPs. That DD-WRT router ALSO seems to give out it's IP (192.168.20.5) as the gateway for ALL connections. The gateways SHOULD be .20.1 and .1.1 for the associated subnets...
So, basically I am left with a big mess that sometimes ALMOST works as required, but there are times (usually at the most inopportune moment) when the whole thing collapses..
Now, I have been told that VLANs are where I need to be. All of this actually DID start out as a VLAN project..
I put in a LINKSYS RV082 to act as the "train yard for all the various connections...
I got some assistance from a tech friend in Chicago and he sent me an updated diagram on how HE would do things:
http://sjfm.us/temp/Topo2.jpg
My current setup is kind of an amalgamated version of the first diagram and the second diagram.
The weird thing is, when I set things up that way, the ONLY way it would work is if I had everything on VLAN1...
I am wondering if my best course of action is simply to pull everything down/off/out and start from scratch.. One of the biggest problems I noticed when working with VLANs is that, with the RV082, DHCP was not available except for the default LAN, in this case 192.168.1.1
I am thinking I might replace the RV082 with a simple Linksys WRT54G running DD-WRT because I know that DD-WRT will allow VLANs with corresponding DHCP service..
My biggest problem in all of this is that the networking I want to do is way above my pay grade. I know enough just to be dangerous as the current mess surely indicates.
If anyone has any words of wisdom (beyond sitting down and crying.. tried that. didna help..
) I would be immensely grateful..
Michale
First a little background..
(refer to this diagram http://sjfm.us/temp/network_topology2.jpg for specifics)
I have a little computer shop at a local Flea Market. In addition to my shop's NET needs, I also provide WiFi Hotspots for the entire Flea Market and I admin 2 different IP based Security Surveillance systems, one for the Flea Market and one for my shop..
There are three main subnets in play here..
10.1.10.xxx
192.168.20.xxx
192.168.1.xxx
As you can see by the above diagram, there are also 3 distinct LANs in play.
The Shop's LAN (upper left, 192.168.20.xxx)
The FM Office LAN (upper right, 10.1.10.xxx)
The Grid (lower, a mix of 10.1.10.xxx, 192.168.1.xxx and 192.168.20.xxx subnets)
Now, here is what I need to happen..
The EXETER workstation (upper center) has 3 NICs in it and must have complete unfettered access to all 3 subnets AND to the Internet. That is my main workstation.
The FM Wifi Hotspot grid (192.168.1.xxx) must be completely isolated and ONLY have Internet Access. It cannot be allowed access to the 192.168.20.xxx and 10.1.10.xxx subnets
The YORKTOWN workstation is the Shop's Security Surveillance server. It's on the 192.168.20.xxx subnet, but it needs to have access to a couple of The GRID's .20.xxx IP Cameras.. The workstations on the .20.xxx subnet must have NET access and that's all that is required. I also have (not pictured in the diagram) a Linksys WRT54G running DD-WRT that provides Wifi access to the net from the shop. This has a DHCP running but causes some problems for other subnets. More detail on that later..
Which brings us to.....
The LEXINGTON workstation (sensing a pattern??
I have this setup and it does appear to work OK. The 192.168.1.xxx WiFi routers do give NET access to the masses, but sometimes (for no apparent reason) the DHCP server from the 192.168.20.XXX DD-WRT Linksys sometimes "gets in the way and gives out .20.xxx IPs to computers connecting that SHOULD have .1.xxx IPs. That DD-WRT router ALSO seems to give out it's IP (192.168.20.5) as the gateway for ALL connections. The gateways SHOULD be .20.1 and .1.1 for the associated subnets...
So, basically I am left with a big mess that sometimes ALMOST works as required, but there are times (usually at the most inopportune moment) when the whole thing collapses..
Now, I have been told that VLANs are where I need to be. All of this actually DID start out as a VLAN project..
I put in a LINKSYS RV082 to act as the "train yard for all the various connections...
I got some assistance from a tech friend in Chicago and he sent me an updated diagram on how HE would do things:
http://sjfm.us/temp/Topo2.jpg
My current setup is kind of an amalgamated version of the first diagram and the second diagram.
The weird thing is, when I set things up that way, the ONLY way it would work is if I had everything on VLAN1...
I am wondering if my best course of action is simply to pull everything down/off/out and start from scratch.. One of the biggest problems I noticed when working with VLANs is that, with the RV082, DHCP was not available except for the default LAN, in this case 192.168.1.1
I am thinking I might replace the RV082 with a simple Linksys WRT54G running DD-WRT because I know that DD-WRT will allow VLANs with corresponding DHCP service..
My biggest problem in all of this is that the networking I want to do is way above my pay grade. I know enough just to be dangerous as the current mess surely indicates.
If anyone has any words of wisdom (beyond sitting down and crying.. tried that. didna help..
Michale
