Is it safe to use a single switch for multiple subnets

networking

For a moment, forget about whether the following is typical or easy to explain, is it safe and sound?

 Internet
    |
ISP supplied router x.x.x.1 (public subnet)
    |
  switch-------------------------------------+
  | (public subnet)                          | (public subnet)
BVI router (switch with an access list)      NAT router
  | (public subnet)                          | (private subnet 192.168.50.1)
  +--------------------------------switch----+ (both subnets)
                                    |  |
computer with IP 192.168.50.2 ------+  +----computer with IP x.x.x.2

I don't plan to implement this setup, but I am curious about it.

  • The 50.2 computer may send a packet to the x.2 computer, but it will use 50.1 as the router, since 50.2 knows that the subnet is different. Would this result in the packet being received twice by the x.2 machine, first directly through the switch, second by way of the two routers?
  • Do you see any problems with this aside from how confusing it is, and that it would put one switch doing the work of two subnets?

Additional details:

  • There will not be DHCP involved. (that would be truly confusing)
  • I am aware that I have totally eliminated whatever security/separation I would normally have between x.x.x.* and 192.168.50.*.
  • I am not interested in accomplishing a direct link between x.x.x.* and 192.168.50.*. I am just interested in preventing endless loops, or double-delivery of all the packets.
  • My switches are unmanaged/dumb switches – except for the BVI router. The "router" is set up with BVI (similar to bridge-route). It works just like a switch, except for its dropping of packets based on source and destination IP address and port.

Best Answer

Would this result in the packet being received twice by the x.2 machine, first directly through the switch, second by way of the two routers?

No, because a switch is not a hub. A switch sends unicast packets only to those ports that have the receiving MAC address registered.

Do you see any problems with this aside from how confusing it is, and that it would put one switch doing the work of two subnets?

No, but remember your security is as thin as it gets. Access the ports - no security. Hack a machine - no security. It works better if your switch is not totally stupid (unmanaged) and you can at least set multicast groups or VLAN settings.
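An added illustration, not part of the original answer, of why the x.2 machine sees the packet once: a toy model of the lower switch with MAC learning plus NIC address filtering. All MAC addresses and port numbers are constructed, and the round trip through the NAT router and the BVI router is collapsed into one frame re-entering from the BVI side, now addressed to x.2's MAC.

```python
from collections import Counter

BCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Unmanaged learning switch: unicast to the learned port, else flood."""
    def __init__(self):
        self.table = {}   # MAC -> port
        self.ports = {}   # port -> receiver callable (a NIC)

    def send(self, in_port, frame):
        self.table[frame["src"]] = in_port          # learn the source MAC
        out = self.table.get(frame["dst"])
        if out is None or frame["dst"] == BCAST:    # unknown/broadcast: flood
            out_ports = [p for p in self.ports if p != in_port]
        else:
            out_ports = [out]
        for p in out_ports:
            self.ports[p](frame)

class Host:
    """A NIC that hands up only frames for its own MAC (or broadcast)."""
    def __init__(self, mac):
        self.mac = mac
        self.received = Counter()      # payload -> copies delivered

    def __call__(self, frame):
        if frame["dst"] in (self.mac, BCAST):
            self.received[frame["payload"]] += 1

def simulate(warm_table):
    """Return (copies seen by the NAT router LAN port, copies seen by x.2)."""
    sw = Switch()
    bvi = Host("02:00:00:00:00:ff")        # BVI router bridge port (uplink)
    gw = Host("02:00:00:00:50:01")         # NAT router, 192.168.50.1 side
    h50 = Host("02:00:00:00:50:02")        # computer 192.168.50.2
    hx = Host("02:00:00:00:00:02")         # computer x.x.x.2
    sw.ports = dict(enumerate((bvi, gw, h50, hx)))   # constructed port map
    if warm_table:     # as prior ARP traffic would have done
        for port, nic in enumerate((gw, h50, hx), start=1):
            sw.send(port, {"src": nic.mac, "dst": BCAST, "payload": "arp"})
    payload = "ip 192.168.50.2 -> x.x.x.2"
    # 50.2 addresses the frame to its gateway's MAC, never to x.2's MAC.
    sw.send(2, {"src": h50.mac, "dst": gw.mac, "payload": payload})
    # The routed copy re-enters from the BVI side, now addressed to x.2.
    sw.send(0, {"src": "02:00:00:00:00:01", "dst": hx.mac, "payload": payload})
    return gw.received[payload], hx.received[payload]
```

With a cold MAC table the first frame is flooded to every port, yet x.2 still counts one copy, because its NIC discards a frame addressed to the gateway's MAC; the only copy that reaches x.2's IP stack is the routed one.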
