Router – Two routers on different subnets – will this configuration work

I'm hoping a network guru can help me out here. I have a network installation project at a client site and I've mentally mapped out how I plan to set it up.

They already have a Verizon router set up and it must stay configured as the first device in the chain. They want "guest" users (i.e. those that connect to a WAP) to have no access to the computers on the Windows domain.

Here is the config. I'd like to know if anyone sees any problem with this and can point me in the right direction on a few questions below.

Chain of connectivity: Internet -> Verizon router -> Netgear router -> Switch -> Patch panel (server & workstations)

  • Note: WAP devices would hang off Verizon router

Verizon Router

  • WAN port connects to internet
  • Internal IP: 192.168.1.1
  • DHCP on, range 192.168.1.2 – 100
  • LAN port connects to Netgear WAN port

Netgear Router

  • WAN IP: 192.168.1.250
  • DHCP off
  • LAN port connects to Netgear switch
  • LAN IP: 192.168.2.1

Netgear Switch

  • LAN port connects to server and patch panel (workstations)

Server

  • IP: 192.168.2.2
  • DHCP on, range 192.168.2.2 – 200

Workstations

  • IP: auto-assigned
  • DNS server: 192.168.2.2 or auto-assigned?
  • Gateway: 192.168.2.1

Questions:

  1. Do there appear to be any major problems with the above configuration that will make it not work?
  2. The item in bold above, what should the IPs be?
  3. In this configuration, will computers connected to the Verizon router be able to see/access computers behind the Netgear router, since they are on different subnets? (I don't want them to be able to).
  4. Vice versa, will computers behind the Netgear router be able to see/access computers connected to the Verizon router?
  5. Computers connected to the Verizon router (192.168.1.x) will need to pull an IP from the DHCP server behind the Netgear router (192.168.2.x), and computers behind the Netgear router will need to send/receive internet traffic through the Verizon router. Should this "just work" with the above config or do either of the routers need any special configuration (DHCP relay, static routes, etc.) in order to be able to pass traffic in and out?
  6. If I wanted to add a WAP to the Verizon router (192.168.1.x), would I just hardwire it to a LAN port on the Verizon router and set it to get an IP automatically from the Verizon router, then disable DHCP on the WAP and set client computers to auto?

Best Answer

  1. Not really

  2. DNS, right? If 192.168.2.2 is your internal DHCP (Windows AD DC, I'm assuming), then you'll configure that to push out whatever DNS server you want, the same PC, 192.168.2.2, if you're running DNS on it also.

  3. No. The stuff on the Verizon router is "on the internet" as far as the stuff behind the Netgear is concerned. The only incoming traffic allowed will be what you define in the Netgear, i.e. port forwarding.

  4. Yes

  5. PCs behind the Netgear will "just work". I'm a little confused. You want wireless clients to connect to the Verizon router, and you don't want them to have access to the LAN, right? Don't you want them to just get an address from the VZ router, and not from an internal DHCP server?

  6. Yes. If it's actually a WAP, it probably doesn't have a DHCP server, it's just like a switch but without the...wires. You can use a consumer wireless, turn off the DHCP server, and don't even bother with the WAN port.

The main thing is 5, about DHCP. You'd have to set up port forwarding to get DHCP to assign through the Netgear, but I don't think you want to do that. You just want them to get DHCP from the VZ router, right?

I hope this makes sense.
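
The reachability described in answers 3 to 5 can be modelled for review before deployment. The following is an added example, not part of the original question or answer; the function names and the sample port-forward rule are hypothetical, and it assumes the Netgear NATs outbound traffic and drops unsolicited inbound traffic on its WAN side, as the answer describes.

```python
import ipaddress

# Addresses are from the question; the port-forward rule is constructed.
GUEST_NET = ipaddress.ip_network("192.168.1.0/24")    # Verizon LAN (guests, WAPs)
DOMAIN_NET = ipaddress.ip_network("192.168.2.0/24")   # Netgear LAN (server, PCs)
NETGEAR_WAN = ipaddress.ip_address("192.168.1.250")
BROADCAST = ipaddress.ip_address("255.255.255.255")


def flow_allowed(src, dst, dport, forwards=()):
    """Can src open a new connection to dst:dport? Returns (bool, reason).

    forwards: (wan_port, internal_ip, internal_port) rules on the Netgear.
    Assumption: the Netgear NATs outbound and drops unsolicited WAN traffic.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst == BROADCAST:
        return False, "broadcast (e.g. DHCP discover) is not forwarded by a router"
    if src in DOMAIN_NET:
        return True, "same segment, or outbound through Netgear NAT"
    if src not in GUEST_NET:
        return False, "source is not on either LAN"
    if dst in DOMAIN_NET:
        return False, "no route from the guest side; Netgear drops inbound"
    if dst == NETGEAR_WAN:
        for wan_port, host, port in forwards:
            if wan_port == dport:
                return True, f"port forward to {host}:{port}"
        return False, "no port forward for this port"
    return True, "guest segment or internet via the Verizon router"


def audit(forwards=()):
    """List the guest-to-domain exposures that port forwards create."""
    return [f"{NETGEAR_WAN}:{wp} -> {host}:{port}"
            for wp, host, port in forwards
            if ipaddress.ip_address(host) in DOMAIN_NET]


if __name__ == "__main__":
    fwd = [(3389, "192.168.2.2", 3389)]  # constructed example rule
    for s, d, p in [("192.168.1.50", "192.168.2.2", 445),
                    ("192.168.2.10", "192.168.1.50", 445),
                    ("192.168.1.50", "255.255.255.255", 67),
                    ("192.168.1.50", "192.168.1.250", 3389)]:
        print(s, "->", f"{d}:{p}", flow_allowed(s, d, p, fwd))
    print("exposed to guests:", audit(fwd))
```

Every entry `audit` returns is a service on the domain LAN that guests can reach through the Netgear's WAN address, so an empty list is the expected result for the isolation the question asks for.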
