What's new

Static IP Address Block Routing

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ridgedale

New Around Here
Hi,

I hope I've posted this Thread under the correct section. Apologies, if not.

I would like to deploy a block of 8 static IP addresses purchased for the purpose of configuring direct internet access for services such as FTP server, mail server, ipCam, etc and am uncertain as to where to start. The target is to separate the services using the remaining available 5 static IP addresses completely from the internal network allowing the internal network to be able to continue to access the Internet .

The current network configuration uses a ZyXEL VMG1312-B10D as a bridge with an Asus RT-AC87U used as a wireless firewall/router to allow all the access to network services and the Internet. I've provided a .pdf file showing the current and target network configurations.

Any advice/assistance on how this can be achieved would be greatly appreciated.
 

Attachments

  • NetworkDiagram.pdf
    222.4 KB · Views: 410
ridgedale, welcome. Usually don't do much on Sundays so spotted your post by accident; nice diagram by the way. I like things that run in straight lines. Am under the weather today, but in the few minutes I stared at the diagram, I thought you might achieve your goal using only your Asus RT-AC 87 with a managed switch -or two if absolutely necessary, behind the router. Have you researched the Merlin forums for IP/static addressing? There are many senior wizards around who will probably spot your post and give you good answers Our LAN with our RT-AC3200 isn't quite the equal of your 87, but does a great deal with one Netgear managed switch, much like what you show. Your 87 with RMerlin's fork of the official Asus firmware would probably get you there, unless you specifically needed the newly hatched AIMesh. Our RT-AC3200 runs Merlin v380.68_4.

Merlin's fork is changing as the newer official code trickles down from Asus; you may have already considered what I'm trying to say, nothing against ZyXEL. I'll see if I can ask someone to take a look at this and I'm sure you'll get more responses. Good Luck.
 
Hi,

I hope I've posted this Thread under the correct section. Apologies, if not.

I would like to deploy a block of 8 static IP addresses purchased for the purpose of configuring direct internet access for services such as FTP server, mail server, ipCam, etc and am uncertain as to where to start. The target is to separate the services using the remaining available 5 static IP addresses completely from the internal network allowing the internal network to be able to continue to access the Internet .

The current network configuration uses a ZyXEL VMG1312-B10D as a bridge with an Asus RT-AC87U used as a wireless firewall/router to allow all the access to network services and the Internet. I've provided a .pdf file showing the current and target network configurations.

Any advice/assistance on how this can be achieved would be greatly appreciated.

Looking at your goal, I wonder if using pfSense with VLANs is a better fit for your use case? This blog tells you how to set up on pfSense

https://nguvu.org/pfsense/pfsense-baseline-setup/

Lawrence Systems has a video that also explains it but also includes the steps you need to do on the switch.

 
ridgedale, welcome. Usually don't do much on Sundays so spotted your post by accident; nice diagram by the way. I like things that run in straight lines. Am under the weather today, but in the few minutes I stared at the diagram, I thought you might achieve your goal using only your Asus RT-AC 87 with a managed switch -or two if absolutely necessary, behind the router. Have you researched the Merlin forums for IP/static addressing? There are many senior wizards around who will probably spot your post and give you good answers Our LAN with our RT-AC3200 isn't quite the equal of your 87, but does a great deal with one Netgear managed switch, much like what you show. Your 87 with RMerlin's fork of the official Asus firmware would probably get you there, unless you specifically needed the newly hatched AIMesh. Our RT-AC3200 runs Merlin v380.68_4.

Merlin's fork is changing as the newer official code trickles down from Asus; you may have already considered what I'm trying to say, nothing against ZyXEL. I'll see if I can ask someone to take a look at this and I'm sure you'll get more responses. Good Luck.
Hi st3v3n,
Thank you for your reply and feedback.
The ZyXEL box is needed to connect to the fibre Internet connection. The other limitation is the network is managed remotely.
If possible, I'd like to avoid replacing the Asus router's firmware as I won't be visiting the site for another couple of months.
If the attempt was made to replace the firmware, I am assuming the existing configuration of Asus router would be dumped and the router would reset to the Merlin default settings. Is that correct?
 
Last edited:
Looking at your goal, I wonder if using pfSense with VLANs is a better fit for your use case? This blog tells you how to set up on pfSense

https://nguvu.org/pfsense/pfsense-baseline-setup/

Lawrence Systems has a video that also explains it but also includes the steps you need to do on the switch.

Hi Xentrk,
Thank you for your reply.
I'm not sure what benefits pfSense would provide. From what I can see VLANs are already supported by the ZyXEL router and Netgear managed switch. My concern is also that adding pfSense requires additional hardware that effectively creates an additional potential point of network failure. Also, as mentioned in previous reply to st3v3n, I won't be visiting the site for another couple of months.
Is it not possible to reconfigure the existing hardware to achieve my goal?
 
Surely you can do it however you wish, you asked for advice/assistance, and that's what you've received; theses are suggestions/alternatives, that if you take the time to study them with an open mind, might reveal a better path to accomplish your goal. If you've decided to go with your diagram, good luck.
 
i think he was looking for advice with the existing gear or a definitive answer that it would not work well enough.
 
Hi Xentrk,
Thank you for your reply.
I'm not sure what benefits pfSense would provide. From what I can see VLANs are already supported by the ZyXEL router and Netgear managed switch. My concern is also that adding pfSense requires additional hardware that effectively creates an additional potential point of network failure. Also, as mentioned in previous reply to st3v3n, I won't be visiting the site for another couple of months.
Is it not possible to reconfigure the existing hardware to achieve my goal?

I may not fully understand what you are trying to accomplish. The comment you made about obtaining separate static IP address and the need to separate services is what led me to recommend pfSense:
Hi,
I would like to deploy a block of 8 static IP addresses purchased for the purpose of configuring direct internet access for services such as FTP server, mail server, ipCam, etc and am uncertain as to where to start. The target is to separate the services using the remaining available 5 static IP addresses completely from the internal network allowing the internal network to be able to continue to access the Internet .

With VLANs on pfSense, you can have one WAN iface and not require the purchase of separate static IP addresses from you ISP. You can then create VLANs to separate the FTP Server, mail server, ipCam, etc from each other. Yes, you will require new hardware for pfSense. Then, there is the learning curve of pfSense. But there are many videos and blogs on how to set it up. You can use your existing managed switch with this set up.

You can configure the OpenVPN Server feature on pfSense to give you remote access to the services on the network if needed.
 
i think he was looking for advice with the existing gear or a definitive answer that it would not work well enough.
Hi st3v3n / degrub,
Perhaps I did not make it clear, but degrub is correct. That is what I was aiming for.
Thanks again for your input.
 
I may not fully understand what you are trying to accomplish. The comment you made about obtaining separate static IP address and the need to separate services is what led me to recommend pfSense:


With VLANs on pfSense, you can have one WAN iface and not require the purchase of separate static IP addresses from you ISP. You can then create VLANs to separate the FTP Server, mail server, ipCam, etc from each other. Yes, you will require new hardware for pfSense. Then, there is the learning curve of pfSense. But there are many videos and blogs on how to set it up. You can use your existing managed switch with this set up.

You can configure the OpenVPN Server feature on pfSense to give you remote access to the services on the network if needed.
Hi Xentrk,
Perhaps I did not make this clear, but there is one WAN interface and the block of static IP addresses has already been purchased.
What I was after is whether or not it is possible to achieve the target configuration using the existing equipment outlined, and, if so, how it may be achieved.
I hope that helps to clarify things.
Thanks again for your input.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top