Dual WAN configuration question?

bspisak

I'm helping set up a network for a small non-profit school. I want to use OpenDNS to provide filtered access to the student network, but the teachers should have unrestricted access. The teacher network should also have the ability to access the student machines.

Can a basic dual WAN router (like the Cisco RV042) be configured to do this? (I don't care about redundancy, fail-over or load balancing.) I basically just want two separate networks each with its own IP address and DNS server with the additional capability to communicate between the two without going to the WAN.

Thanks in advance,
Brian
 

Yes, you can do this. You'll need to set up two different gateways, one for the student VLAN/subnet and one for the teachers, then set up routing rules that can handle the traffic between the two subnets.

The students' gateway, using OpenDNS, would be filtered. The teachers' gateway (WAN2) wouldn't, but would be configured to route to the students' subnet/VLAN.

Draytek is one of the routers that a respected senior guy here, Dennis Wood, recommends for this sort of thing.

I recommend pfSense, which has SquidGuard for parental controls, and will do dual WAN as you describe. But of course you'd have to put the router together yourself.


Cheaper solution, a single ISP:

Quite a few ISPs offer an additional fixed IP address, beyond the standard DHCP-issued one, for some small additional fee. The fixed IP would be for the teachers; the dynamic IP would be OpenDNS filtered. It would save you the cost of a separate ISP/modem.


If you decide to go with something like pfSense (got an old desktop machine?), I'd be glad to help you out.

Dennis has a couple threads on Draytek under the routers category.
 
Thanks for the response.

I don't want to configure and maintain my own router/firewall. I'm currently leaning towards the Cisco RV042 which provides Dual WAN capability.

I've attached a document showing exactly what I'd like to do.

All teacher machines (either wireless or wired at any location) routed to IP1 using DNS1 which is unfiltered.

All student machines (either wireless or wired at any location) routed to IP2 using DNS2 which is configured with OpenDNS to be filtered.

Teacher machines able to access student machines and vice versa.
 

Attachment: Network.jpg

Yes, a dual WAN router will handle this. Are you looking for a specific Cisco RV capability rundown?

How are you going to tell the teachers from the students? Two ways I can think of.

DHCP on MAC addr?
Static IP config on each machine?


The config you want, create two subnets, Students, 192.168.100.x, and Teachers, 192.168.200.x:

Create two gateways:

Gateway One that uses WAN IP1 and OpenDNS for Students
Gateway Two uses WAN IP2 and say Google/ISP DNS

STUDENT:
MAC listed as Student
Uses Gateway One
DNS is Gateway One

TEACHER:
MAC listed as Teacher
Uses Gateway Two
DNS is Gateway Two



Routing rules for Teachers:

if Destination is Subnet(student) -> Gateway(student)

NetBIOS is a whole other issue, and would require a Windows server config.


Of course, if you want strict compliance, you'll need a proxy server. Otherwise, a student could change his settings to bypass OpenDNS.

Draytek (say the DrayTek Vigor 2910) offers an alternative to the Cisco, at about the same price, and supposedly better monitoring and firmware (and is not Cisco, see EFF write-up).


Hope this helps.
 
Thanks. Yes that helps.

However, I was thinking the router could just route based on subnet, but I guess I'm not sure how a client gets assigned to a subnet when using dhcp.

When set up properly (and these are running ms win) do the clients request an ip address in a given subnet range based on their mask or some other configuration option?

Assuming the clients are assigned an ip in the correct subnet can the router then route based on subnet and not ip or mac addr? Seems a bit cleaner than poking all that into the router.

I'm not too concerned about client reconfig as these are only K-5 without admin privileges (though perhaps I'm being naive :)

I'll definitely check out the draytek. Thanks for the pointer.
 
However, I was thinking the router could just route based on subnet, but I guess I'm not sure how a client gets assigned to a subnet when using dhcp.

In config above, routing is done by subnet, specifically the gateway for that subnet.

Teachers: 192.168.100.x Gateway:192.168.100.1
Students: 192.168.200.x Gateway: 192.168.200.1


When set up properly (and these are running ms win) do the clients request an ip address in a given subnet range based on their mask or some other configuration option?

There are three ways I know you can assign an IP to a machine, when you want it within a specific subnet:

1. Manually configure the network settings, defining the gateway, ip and netmask and the gateway as DNS addresses

2. Use DHCP based on MAC ADDR, which issues an ip, gateway, netmask and the gateway as DNS to the requesting machine

3. Use separate routers for each subnet, wiring the machines appropriately to each router, then bridging through a router (can be one of the two)

There is probably a windows server approach to this that would use the user id and/or host name to assign an IP. But that is outside the scope of the config you are talking about. And outside my bailiwick.

Assuming the clients are assigned an ip in the correct subnet can the router then route based on subnet and not ip or mac addr? Seems a bit cleaner than poking all that into the router.

That is what is happening, routing based on subnet, the ip defines which subnet you are on. Going to each machine and assigning it an ip and gateway within the needed subnet would accomplish that.

A subnet is just a set of IP Addresses within a range, the range is bounded by the netmask.

I'm not too concerned about client reconfig as these are only K-5 without admin privileges (though perhaps I'm being naive :)
In that age range I was hacking modems and user accounts to access the university system (1960/1970's).

I'd be surprised if a fifth grader couldn't hack his network settings under windows, let alone know what Tor is.

An approach to this problem is to use a proxy server, it would make your life easier, proxy servers can use IP addresses, user names, or host names - negating your dual wan and being overall cheaper....
 
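The subnet-based routing and the DNS-bypass concern discussed in the two posts above, as an added example that is not part of the thread: a Python model of the router's per-flow decision, using the Students 192.168.100.x / Teachers 192.168.200.x plan from the configuration post. The /24 masks, the action names and the student DNS rule are assumptions; 208.67.222.222 and 208.67.220.220 are OpenDNS's public resolvers.

```python
import ipaddress

# Address plan from the configuration post; the /24 masks are assumed.
STUDENTS = ipaddress.ip_network("192.168.100.0/24")
TEACHERS = ipaddress.ip_network("192.168.200.0/24")
# OpenDNS public resolvers.
OPENDNS = {ipaddress.ip_address("208.67.222.222"),
           ipaddress.ip_address("208.67.220.220")}


def zone(addr):
    """Name the subnet an address falls in; the netmask bounds each range."""
    ip = ipaddress.ip_address(addr)
    if ip in STUDENTS:
        return "student"
    if ip in TEACHERS:
        return "teacher"
    return "external"


def decide(src, dst, dport):
    """Return the (hypothetical) router action for one flow from a LAN client."""
    src_zone, dst_zone = zone(src), zone(dst)
    if src_zone == "external":
        return "drop: source is not on either LAN subnet"
    if dst_zone != "external":
        # Teacher <-> student traffic is routed between subnets, never via a WAN.
        return "route-local"
    if src_zone == "teacher":
        return "wan-teacher"  # unfiltered DNS, teachers' WAN address
    # Assumed rule: student DNS (53, DNS over TLS 853) may only reach OpenDNS,
    # so changing a client's DNS setting does not get around the filter.
    if dport in (53, 853) and ipaddress.ip_address(dst) not in OPENDNS:
        return "drop: student DNS to non-OpenDNS resolver"
    return "wan-student"


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.168.200.10", "192.168.100.25", 445),   # teacher -> student machine
    ("192.168.100.25", "208.67.222.222", 53),    # student -> OpenDNS
    ("192.168.100.25", "8.8.8.8", 53),           # student with altered DNS
    ("192.168.200.10", "8.8.8.8", 53),           # teacher -> any resolver
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", decide(*flow))
```

DNS over HTTPS on port 443 is not caught by a port rule like this, which is one reason the thread points to a proxy server for strict enforcement.
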
Well, despite chatting with Cisco online and having them tell me the RV042 will do what I want, the manual seems to indicate otherwise.

The only two options for dual WAN are fail-over and load balancing and it specifically says load balancing is NOT done for DNS queries.

Now, the RV016 seems to allow protocol binding, so that may be the ticket, I'll have to look into that a bit more.

But, this prompted me to look at Draytek's website. What's up with THAT??? Their front page says they're a medical device company, but clicking on "Surgery" brings up "Dual WAN Solution", clicking on Gastroenterology brings up QoS..... is this a joke???? Bizarre...
 
But, this prompted me to look at Draytek's website. What's up with THAT??? Their front page says they're a medical device company, but clicking on "Surgery" brings up "Dual WAN Solution", clicking on Gastroenterology brings up QoS..... is this a joke???? Bizarre...

You're right, very weird, never been to their site before. Maybe a foreign company, but only network stuff in the US? Beats me.
 
But, this prompted me to look at Draytek's website. What's up with THAT??? Their front page says they're a medical device company, but clicking on "Surgery" brings up "Dual WAN Solution", clicking on Gastroenterology brings up QoS..... is this a joke???? Bizarre...
Go to http://www.draytek.com/

The draytek.us is a domain owned by Draytek's former US partner.
 