I have a somewhat limited knowledge of network configuration, but would like to achieve something like the following:

  • have two work areas set up
  • the "admin" work area happens to be physically separate from the second "general" work area
  • the gateway to the IP cloud is physically located within the "admin" area
  • users in the "admin" area will be able to access all resources within the "admin" and the "general" work areas, as well as the internet
  • users in the "general" area will not be able to access any of the resources in the "admin" area
  • users in the "general" area will be able to access the internet

I would like to think this is possible with the use of subnets, but am not sure. Is anyone able to tell me if this is possible?

Many thanks.

Jon Pawley
  • It would be useful to know what hardware you have presently or whether you need to purchase the hardware for this setup. – Lawrence Nov 28 '13 at 01:58
  • VLANs would be a more flexible option. You actually still need to use different subnets though. But it allows you to put those networks wherever you want and have some machines on both networks without having multiple NICs. – hookenz Nov 28 '13 at 01:58
  • @Lawrence: hardware would need to be bought, at some stage in the future. My best guess is that there'd be an xDSL modem/gateway, with a certain number of ports, which could be used in the "admin" area. Some of these ports would be fed to the "general" area, which would have a switch to provide plenty of ports. I'm quite happy messing about with DD-WRT based routers, by the way. – Jon Pawley Nov 28 '13 at 03:06
  • @Matt: Ah, VLANs. OK, I've heard of them ;) Conceptually, I would guess that would involve binding a MAC address at the DHCP level to a list of VLANs, right? – Jon Pawley Nov 28 '13 at 03:40

1 Answer

With the exception of 'the gateway to the IP cloud is physically located within the "admin" area' which is a statement I would need clarified, the answer is yes.

Separating into subnets places a requirement that traffic crossing between the subnets passes through an IP router. IP routing is a common function to complement with TCP/IP filtering, which defines what traffic may pass where, and under which conditions.

The rest is up to your equipment.

Physical separation (for instance using separate switches for admins and users) is one way of creating separation, and one which is perhaps easiest to picture. Logical separation using VLANs is another, which makes for equipment sharing and greater flexibility for change, for instance. Using VLANs makes for a steeper learning curve, so weigh time requirements in.

The router would be a central node tying both networks together in both solutions. However, in a world where time is money, 'messing about with DD-WRT based router' sounds like a costly way of solving a business task.

Read more here:

How does IPv4 Subnetting Work?

How do VLANs work?

ErikE
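The access policy from the question, written as packet-filter rules on the router that joins the two subnets; this is an added example, not part of the original answer. It assumes a Linux-based router with iptables (DD-WRT, which the asker mentions, is one), and the interface names and subnet ranges are hypothetical.

```shell
#!/bin/sh
# Added example: "admin may reach everything, general may reach only the internet".
# All interface names and address ranges are assumptions, not from the question.
WAN_IF="${WAN_IF:-eth0}"                    # uplink towards the xDSL modem/gateway
ADMIN_IF="${ADMIN_IF:-eth1}"                # port (or VLAN interface) of the "admin" area
GENERAL_IF="${GENERAL_IF:-eth2}"            # port (or VLAN interface) of the "general" area
ADMIN_NET="${ADMIN_NET:-192.168.10.0/24}"
GENERAL_NET="${GENERAL_NET:-192.168.20.0/24}"

# Prints the rule set instead of applying it, so it can be reviewed first.
# To apply on the router: router_rules | sh   (as root)
router_rules() {
    cat <<EOF
# Default-deny for anything routed between interfaces.
iptables -P FORWARD DROP
iptables -F FORWARD
# Replies to connections that were allowed below may flow back.
# This is what lets admin hosts talk to general hosts without
# letting general hosts open connections into the admin subnet.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# admin -> general and admin -> internet (source check rejects spoofed addresses).
iptables -A FORWARD -i $ADMIN_IF -s $ADMIN_NET -j ACCEPT
# general -> internet only; there is deliberately no rule towards $ADMIN_IF.
iptables -A FORWARD -i $GENERAL_IF -s $GENERAL_NET -o $WAN_IF -j ACCEPT
# Both private subnets share the single public address on the uplink.
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

router_rules
```

The FORWARD chain only covers traffic passing through the router. Connections from the "general" subnet to services on the router itself (its management interface, for example) are handled by the INPUT chain and need their own rules.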