custom subnets

[harryS]

Hi,

My apologies if this has already been asked, i couldnt find it anywhere.

I was wondering if it was possible to create more than 1 (2) subnets with the wl-500g router. As i would like the share the internet but separate the subnet into 2 parts.

And also has anyone tried using and external hardrive on the usb port?

Thanks heaps it is much appreciated.

PS. Thanks Oleg for the great work on the firmware.

[Antiloop]

use search first please

[harryS]

As mentioned I have searched the forum but to no avail.

Their does not seem to be any information about custom subnets or classless LANs. It would be much appreciated is I could find out if this is possible.

Thank you.

[brubber]

Seems to me you can already connect to the router from multiple subnets, just make sure your routing (static routes) and firewall(s) is setup correctly on your main router and on the routers / workstations in your subnets.

In older firmware (at least in 1.6.5.3) you have the option to make a separate subnet for your wireless connections.

for some basic TCP/IP reading go to http://www.pku.edu.cn/academic/resea...ml/TC0602.html

and for an example of a two segment Class C network go to http://www.pku.edu.cn/academic/resea...ml/TC0602.html

BTW, what do you mean with a classless LAN?

[harryS]

Hi brubber thanks for the quick reply.

Sorry i didnt explain myself properly.


I understand that it is possible to separate the network into three distinct networks:
1. The WAN interface
2. WLAN
3. LAN

What i want to do is separate the LAN or WLAN network into several subnets. So they can still have access to the internet but not see each other, creating several broadcase domains. This could be accomplished with the use of subnetting (creating classless networks).

This would also be possible if 2 or more networks were created with an assigned subnet mask eg.


Network one:
Subnet mask: 255.255.255.0
IP:192.168.1.1~254

Network two:
Subnet mask: 255.255.255.0
IP: 192.168.2.1~254


This is a pure security reason and would normally be done with the use of a high end router within large organisaions or where security between networks is an issue.


I appreciate any help and adivce i could get.

Thank you

[Oleg]

Blocking broadcasts dos not mean security at all.
Yes, you can add new subnets by aliasing the same ethernet interface on the wl500g. But this is useless, unless you use VLANs...
You may to consider bying wrt54g/gs and installing openwrt on it. It has an ability to assign unique VLAN and to each of it's port. So, you can use it for building secure network.
Another option is to wait for wl500gx, it should also be capable of maintaining different VLANs on different LAN ports.

[Jeroen Vonk]

What i want to do is separate the LAN or WLAN network into several subnets. So they can still have access to the internet but not see each other, creating several broadcase domains. This could be accomplished with the use of subnetting (creating classless networks).

Maybe you are a bit confused with classless interdomain routing? (CIDR) Unfortunately like Oleg says, this does not give you any security advantage at all.

[brubber]

I really don't understand the problem;
A class C network xxx.xxx.xxx.0 can be subnetted for example using the subnet mask 255.255.255.192, this will yield two subnets: xxx.xxx.xxx.64 and xxx.xxx.xxx.128, each capable of hosting 62 systems.

The solution with 192.168.1.1 and 192.168.2.1 is a easy to configure in firmware 1.6.5.3, which even includes a separate WLAN - LAN firewall.

[harryS]

Guys, thanks for your help
It is much appreciated.

I was alwyas under the impresion that different subnets could not access each other unless authorised by the router: "In addition to the need for manageability, subnetting enables the network administrator to provide broadcast containment and low-level security on the LAN. Subnetting provides some security since access to other subnets is only available through the services of a router." CCNA1.

Although networking was never my forte, so i wil take your advice for it.

So i have now realised that it is possible to have different subnets on a WL-500g network but it is of no use due to their being no security advantage.

Oleg you tell me the only way to segragate one network or get this kind of security is with the use of VLAN's which is not possible as of yet? with the wl-500g that is.

My main problem is that i have 7 computers on the network and 2 of those six i would like to have on a different network as they have a tendancy to get worms and viruses, which i want to protect myself from. The 2 are both on different interfaces as well WLAN and LAN. I thought i good solution would be to separate the networks into 2.

Thanks

[Oleg]

Oleg you tell me the only way to segragate one network or get this kind of security is with the use of VLAN's which is not possible as of yet? with the wl-500g that is.

You can use VLANs but you need to have VLAN enabled hardware to physically separate LAN ports.
wl500g design does not allow to control built in switch used for LAN ports, while wrt54g/gs allows that.
So, if you've external switch which supports VLANs, than you can enable VLANs on the wl500g too.