1
In an appartment building we need to share common equipment (IP intercom with video stream, SIP server, internal web server) with multiple households. Each household has its own internet connection and network stuff.
Households should be able to access the shared equipment but not each others network.
The idea is to have the shared devices/intercom sip server in a separate network, connected to a switch. Also each household gets one cable from this switch.
I am looking for some pointers to help us on the way. Perhaps this type of network has a name?
- How can the household networks 'see' the equipment that is shared?
- Is it possible to connect the shared network cable to a WiFi router in the homes (after some configuring), and if yes how is that 'configuring' called? If no, what kind of equipment do we need?
- Households should not be able to access the networks of the others, how can we prevent this?
- Equipment in the shared network must be able to communicate with the household networks (for example when there is a call the sip server must be able to pass the call).
Edit: a small diagram to show the intention.
ISP---internet modem home 1---switch----------->cable h1
| | |
home 1 equipment like printers..
ISP---internet modem home 2---switch----------->cable h2
| | |
home 2 equipment like printers..
cable h1---shared switch---shared equipment
|
cable h2----
Home 1 should not be able to communicate with home 2, but it should communicate with shared equipment. Personally I think the shared equipment should be in a VLAN, as well as every home. Then the 'shared switch' should have some kind of access rules to allow communication between VLAN shared and VLAN home*, but not between VLAN home* and VLAN home*.
Is this correct? How do the homes know how to access the shared switch when they are in a different ip range?
Lennart
Posted 2014-06-27T10:14:06.813
Reputation: 11
Thank you for your reply. The shared equipment is only for households, and does not need/have access to internet. So we have households that have networks like any household, only with a shared piece of network. In the topology described there is one common internet connection, which we do not have. Does the topology still hold? – Lennart – 2014-06-27T10:45:58.593
Right ok so no internet needed for the shared services, what about the SIP is that just for the door system, etc. Doesn't need to contact an external PBX for calls? So can this network be completely separate to the households networks? What will the end user get from this network a cable or a video conference screen with audio, etc? It sounds to me like their own internet network is a separate entity and this needs to be a separate entity too... is that correct or do you want only one network inside the households that can access both? – CharlesH – 2014-06-27T10:58:59.183
Each home has its own network. All the home networks together should be able to access a shared network, but not each other through the shared network. See my edit, hopefully it makes it a bit more clear. – Lennart – 2014-06-27T13:41:04.903
Much clearer just one last question! How will the shared switch---shared equipment be presented to the household, are you planning on providing an ethernet cable which will connect to the household's current switch? So they will have ISP > Router/Modem > Household Switch Port1 and Shared switch > Household Switch Port2..? If so how much influence do you have over the household's networks, are you able to change their IP ranges to suit your needs or is that their choice? You can split it using VLAN's as you mentioned but they need to be able to carry that VLAN tag with their own equipment. – CharlesH – 2014-06-27T14:22:36.830
The other way you can do it without causing any 'distress' to the households is using a firewall 'as mentioned' internally and only allowing traffic to its destination via MAC address.. The only annoyance is that if they change their router/switch, etc. they need to supply the new MAC address and get a change made on the firewall. – CharlesH – 2014-06-27T14:25:01.323
Good ideas! A question about the firewall solution: the households networks should then be in the same range as the shared network? If not how do the household routers know to which ports they should route the data to the shared network? – Lennart – 2014-07-01T08:01:39.533
Well it depends on what their household device is really. Some devices you can plug in a third party network via Ethernet cable and the router will say oh new network on x.x.x.x so set a route for any traffic to x.x.x.x go to port 3.. Other devices will go oh different network not sure what to do with that so ignore it, in which case you will need to set a manual route which can be tricky and again involves changes on each device (possibly) which is far from ideal.. The problem with same network range is that you might end up with IP conflicts if your kit is static and within their DHCP range. – CharlesH – 2014-07-01T08:49:14.743
Sorry also to answer your question, ports have no relevance it will be routed via IP address, the port follows so x.x.x.x go to this network on port xxxx... Hope that makes sense... – CharlesH – 2014-07-01T08:49:57.803