Connect & Access across separate LAN Subnets in 2 Suites in a building?

crashnburn


Following is an older diagram of a 2+1 level Small Business/ Startup + Co-working space, with recent expansion & need for integration.



The following changes & information have been outlined:

2 CAT6 Networks/ LANs:

  • Level 3 & 4 LAN is integrated & maps off a Central Area (Green Area); which has the NAS
    • ISP---WR1: Asus RT-N16 N Router w Tomato USB FW + HP ProCurve 24 GigE Managed SW + ... N/W Clients
    • Considering adding a PfSense/ Sophos box around here in the future
  • Level 5 is a separate; a simpler & sparser LAN; recent expansion and sub-let
    • ISP---WR3: Netgear or D-Link Wireless N Router + ... N/W Clients
Each of the above units has its own ISP with its own Data Cap limits

  • The Stuff in Green box to the upper right titled 'Load Balance ISPs' does not exist; It was the original plan that was never implemented

  • We plan to run CAT6 cable between Level 4 & 5, outside the building and maybe add some more cables + terminations, and maybe a Hub/ Switch inside Level 5 - This is open/ flexible for now

  • We need to connect & give access to NAS & maybe MFC/ Printer/ Scanner from Level 6 LAN
2 possible connection & usage scenarios pop up in my head:

  • Option A: Level 5 clients have Limited access purely to NAS & MFC; not be able to use Level 4 ISP Bandwidth
  • Option B: Level 5 & 4 clients be able to share/ switch over/ bond ISPs in some fashion?
Key Question:
With Option A constraints, How can we Connect/ access across separate LAN Subnets in 2 Suites in a building?

  • Network Partitioning
  • Addressing
  • Physical Connections & Hardware
  • SubNets/ VLANs?
 
Your diagram and description are a little hard to read and understand. Based on what I think you're asking, here is what I would do in your situation. I would put in a Layer3 switch (routing switch), probably where your Procurve switch is now. Either replace the Procurve and move the Procurve up to level 5, or put in a small Layer3 switch in the location with the Procurve. I would then break your network up into at least 3 VLANs and Subnets. One Subnet for Level 3&4, Subnet for level 5, and subnet for shared resources like NAS and MFC. Then you can have the switch route between Level 3/4 subnet and shared resource subnet as well as between level5 subnet and shared resource subnet, but not between level 3/4 and level5 subnets.
 
I like abailey's explanation. The only thing I am finding with these smaller layer 3 switches is you can not control default gateway or default routing. Using 2 separate routers is going to require 2 separate layer 3 switches. If you want to load balance then you will need layer 3 switches with controllable default gateway or default routing something like policy routing, protocol routing, or etc. Build a VLAN between the 2 layer 3 switches for control of the networking, load balancing, or just fail over ISP your choice.

I guess I should add using a Cisco SG300 switch would require 2 layer 3 switches because 2 routers with a VLAN in between them to control shared resources with ACLs. No load balancing only manual failover.

I am not sure of the capability of the SG500 or SG500X. It would be nice to know.

Otherwise you would need a real Cisco IOS layer 3 switch. I am not up with latest layer 3 switches as it has been 10 years since I was a Cisco hack.

My explanation is only if you are trying to achieve load balancing, failover to solve the initial problem issue using 2 routers for gateways with layer 3 switches. You could use a router for VLAN routing but you are talking millisecond response and a layer 3 switch is nanosecond response so there is big difference in performance routing packets.
 
I like the idea of 3 subnets, but why do I need Layer 3 switches and the cost to go with that?

I'd like the 2 LANs to continue as before with their respective ISPs and Data Caps.

I just wish "Create a Secured link over CAT6" that allows access only to NAS and maybe MFC.

For now I am not looking to do any Load Balancing or ISP sharing.. as mentioned in Option B.
 
Use a VLAN between the 2 routers and use ACLs to control the flow. Routers are just much slower than layer 3 switches.

I would rather use a layer 3 switch or switches.

You may be able to use a routing protocol like RIPv2 between the 2 routers. If it makes it simpler I would use it otherwise I would use static maps.

Map it out on a white board with IP addresses and ACLs before you make any changes just to make sure it will do everything you need.

PS
I don't know if it makes sense to add your NAS and stuff to the VLAN between the routers.
There are some Apple functions which seem to only work in one network. I also always assign a network to every VLAN I create. So when I say a VLAN between routers I mean a network VLAN.
 
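The whiteboard exercise suggested above, as an added example that is not part of any poster's reply: a first-match ACL model for Option A on the inter-suite link, checked against sample flows and against rule-ordering mistakes. The subnet addresses, host IPs, services (SMB on 445, raw printing on 9100) and the rule set are assumptions chosen for illustration.

```python
import ipaddress as ip

# Assumed addressing, not from the thread: one subnet per VLAN.
L34 = ip.ip_network("192.168.10.0/24")     # Level 3 & 4 clients
L5 = ip.ip_network("192.168.20.0/24")      # Level 5 clients
NAS = ip.ip_network("192.168.30.10/32")    # shared-resource VLAN hosts
MFC = ip.ip_network("192.168.30.20/32")
ANY = ip.ip_network("0.0.0.0/0")

# ACL for traffic arriving from Level 5 over the inter-suite link.
# Rule = (action, src, dst, proto, dport); None is a wildcard.
# First match wins, implicit deny at the end, replies assumed stateful.
LINK_ACL = [
    ("permit", L5, NAS, "tcp", 445),    # SMB file shares (assumed service)
    ("permit", L5, MFC, "tcp", 9100),   # raw printing (assumed service)
    ("deny", ANY, ANY, None, None),     # no Level 3/4 hosts, no Level 4 ISP
]

def covers(rule, src, dst, proto, dport):
    """True if the rule matches a flow, or a whole rule-shaped flow set."""
    _, r_src, r_dst, r_proto, r_dport = rule
    return (src.subnet_of(r_src) and dst.subnet_of(r_dst)
            and r_proto in (None, proto) and r_dport in (None, dport))

def evaluate(acl, src, dst, proto, dport):
    """Return the action of the first matching rule for a single flow."""
    flow = (ip.ip_network(src), ip.ip_network(dst), proto, dport)
    for rule in acl:
        if covers(rule, *flow):
            return rule[0]
    return "deny"

def shadowed(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(acl)
            if any(covers(earlier, *rule[1:]) for earlier in acl[:i])]

if __name__ == "__main__":
    client = "192.168.20.5"  # constructed Level 5 host
    for dst, proto, port in [("192.168.30.10", "tcp", 445),
                             ("192.168.10.7", "tcp", 445),
                             ("8.8.8.8", "udp", 53)]:
        print(dst, proto, port, evaluate(LINK_ACL, client, dst, proto, port))
    # Same rules with the catch-all deny moved first: both permits are dead.
    print("shadowed:", shadowed([LINK_ACL[2]] + LINK_ACL[:2]))
```

Whatever device ends up enforcing the rules (router or layer 3 switch), the same flow list can be replayed from a Level 5 client after the change to confirm the deployed ACL matches the model.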
I like the idea of 3 subnets, but why do I need Layer 3 switches and the cost to go with that?

I'd like the 2 LANs to continue as before with their respective ISPs and Data Caps.

I just wish "Create a Secured link over CAT6" that allows access only to NAS and maybe MFC.

For now I am not looking to do any Load Balancing or ISP sharing.. as mentioned in Option B.

You have to have a router of some type to enable communication between the VLANs (if you are using a different subnet for each VLAN). You could make it work with just a layer 2 switch if all your VLANs were in the same subnet but I would strongly urge against that type of design.
 
Just curious - What would be the cheapest Layer 3 switch/ router on the market?

It's not a choice of layer 2 or 3. It's a choice of Dollar for an SMB/ Startup right now.

Currently for equipment we have:
L3 - WR1: Asus RT N-16 / Tomato USB Fw + HP ProCurve GigE Managed Switch
L4 - WR2: TP link TL WR 740N / Stock Fw/ But is DD-WRT compatible - Only being used as a Wireless AP/ WAP.
L5 - WR3: D-link DIR 816 / Stock Fw & Use / Curious if hackable with Fw?

Except for WR3 - I think all of the above are VLAN capable.

We can easily swap WR2 & WR3 if needed for better Router-to-Router link. Then I think we won't need an extra box?
 