arranpaul
Hi,
I am new to these forums, however, I recently found the snb articles on VLANs and would like to ask for some advice on building my next small office network.

I have two offices that are separated by about 550m across an open field. At the main office there is no ability to have an Internet connection, as in BT/ISPs will not run the required cabling to this location. This is office 1.

Office 2 has a good fibre optic Internet connection; however, it is not the main office. As a result of this I have installed a point to point link across the field in order to share the Internet connection from office 2 to office 1. This, however, is where I'm unsure of how to configure my network properly. I would like to have both offices share the Internet connection but have independent LANs so that devices in office 1 cannot communicate or 'see' the devices in office 2 and vice versa. The PtP link acts as a L2 switch and is therefore transparent in the network. I would also like to have both networks controlled by their own independent DHCP servers with their own wireless network, router, etc. I would also like to implement some QoS so that I can limit the bandwidth available to office 2, as it doesn't require the same throughput as office 1. If anyone has some advice as to the equipment, setup and systems I could use to implement this I would be very grateful.

Thanks,
Arran
 
Why would you need a VLAN for this setup?

At Office 1, use a router with a DHCP scope within 192.168.0.0 - 192.168.255.255 and at Office 2 use a router with a DHCP scope within 172.16.0.0 - 172.31.255.255 or 10.0.0.0 - 10.255.255.255.

One network will not be able to 'see' the other unless the routers are programmed to do so.
 
Thank you for your help! I assumed I would need a VLAN of some sort to separate the traffic between the two networks.

How do you think I would set this up in terms of splitting the Internet connection from the modem to the router in office 2 and then the PtP bridge and the router in office 1? Would I also be able to use some QoS? I assume I would also be able to throttle the bandwidth for office 2 in the router settings for that office.
 
@L&LD VLAN is the new fad just like VPN.

He actually has a use for VLAN. Separating office 1 and office 2 is a common use and for good reasons too.

The easy way for this to work is to use a switch with VLAN capability. Use tagged VLANs on the network hardware all the way to the router and use passive VLANs where the clients connect to it. Your configuration is simple. The router, however, needs to support tagged VLANs so you can assign different networks to each. Consumer routers can't do this normally unless you use 3rd party firmware, but if your office has gigabit internet then you'll have to use something like a Ubiquiti EdgeRouter 8/Pro or preferably a MikroTik RB1100AHx2 or CCR1009. The MikroTiks handle internet at gigabit speeds even with firewall and QoS configs but the Ubiquiti EdgeRouters don't. Another solution is using a PC-based router. This is assuming you need to replace your router and have gigabit internet. The router will treat each VLAN as an interface so you apply your configs on the VLAN interfaces instead.

While you don't need VLANs, it is preferable if you have both networks going through a single cable to the router.
 
Thank you for your help! I assumed I would need a VLAN of some sort to separate the traffic between the two networks.

How do you think I would set this up in terms of splitting the Internet connection from the modem to the router in office 2 and then the PtP bridge and the router in office 1? Would I also be able to use some QoS? I assume I would also be able to throttle the bandwidth for office 2 in the router settings for that office.

Does your ISP give you more than a single IP address (WAN)? Many ISPs do offer at least 2 IPs. If so, use a switch after the modem and feed one port to each router. Voilà.

No need to mix the traffic together and then split it at all (with VLANs). And, it can be done with a $20 GbE switch (4, 5 or 8 ports, but only use as many ports as your ISP provides IP addresses).
 
@L&LD VLAN is the new fad just like VPN.

He actually has a use for VLAN. Separating office 1 and office 2 is a common use and for good reasons too.

No, VLANs are not needed here. Even if the ISP doesn't give more than a single IP address to each customer.

Fads are not something to follow either. A solid network design is though.
 
Thanks for both of your help, I think I am about to grasp this.

I am familiar with the Ubiquiti EdgeRouters and I'd be happy to use one of those in the system. If I am following correctly I would have the fibre line connected to the EdgeRouter with three VLANs set up, one for the Internet, one for Office 1 (going to the PtP link and then the network switch in office 1) then, one for office 2, going to the switch in office 2. The EdgeRouter would then also support multiple DHCP servers to dish out IPs to the three VLANs. Does this sound correct? Also, would you anticipate there being any issue with the DHCP server being on the other side of a PtP link?

Unfortunately the double IP address providing two separate WANs is not an option as my ISP will not support that in my location.
 
Does your ISP give you more than a single IP address (WAN)? Many ISPs do offer at least 2 IPs. If so, use a switch after the modem and feed one port to each router. Voilà.

No need to mix the traffic together and then split it at all (with VLANs). And, it can be done with a $20 GbE switch (4, 5 or 8 ports, but only use as many ports as your ISP provides IP addresses).
This is the simple solution. You basically have a single ISP and two clients--each really needs their own router--super simple with a second IP address and no VLAN or configuration headaches. The KISS principle goes a long way in networking...
 
Thanks for both of your help, I think I am about to grasp this.

I am familiar with the Ubiquiti EdgeRouters and I'd be happy to use one of those in the system. If I am following correctly I would have the fibre line connected to the EdgeRouter with three VLANs set up, one for the Internet, one for Office 1 (going to the PtP link and then the network switch in office 1) then, one for office 2, going to the switch in office 2. The EdgeRouter would then also support multiple DHCP servers to dish out IPs to the three VLANs. Does this sound correct? Also, would you anticipate there being any issue with the DHCP server being on the other side of a PtP link?

Unfortunately the double IP address providing two separate WANs is not an option as my ISP will not support that in my location.

This sounds like a good design. Make sure to get an EdgeRouter that can keep up with your internet speed. I assume by three VLANs you actually mean 3 physical interfaces on the router supporting three different LANs (actually 2 LAN and one WAN). Just from your description it did not sound like you are trying to run more than one LAN over a cable, where you would need VLANs.
 
Thanks for both of your help, I think I am about to grasp this.

I am familiar with the Ubiquiti EdgeRouters and I'd be happy to use one of those in the system. If I am following correctly I would have the fibre line connected to the EdgeRouter with three VLANs set up, one for the Internet, one for Office 1 (going to the PtP link and then the network switch in office 1) then, one for office 2, going to the switch in office 2. The EdgeRouter would then also support multiple DHCP servers to dish out IPs to the three VLANs. Does this sound correct? Also, would you anticipate there being any issue with the DHCP server being on the other side of a PtP link?

Unfortunately the double IP address providing two separate WANs is not an option as my ISP will not support that in my location.
I just read this part about your ISP not providing two IP addresses. Kinda a bummer, but not really. You can use any router that can support the ISP bandwidth and that does NAT to supply an IP address to each office. I'd recommend either the 10.x.x.x or 172.168.x.x subnets to minimize any interference. This way, each office gets access to the Internet, and yet their own network is completely transparent to the other.

As far as the PtP link and DHCP, as long as it is basically line level speed for 100Mbit and has similarly low latency (<5ms), I don't think it would be an issue at all. Remember, DHCP still works well over the inherently unstable concept of Wi-Fi (in terms of bandwidth and latency), so I think a solid PtP link will be fine.
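
Added example, not part of any post in this thread: a Python sketch that checks a two-office address plan against the RFC 1918 private ranges quoted earlier and models whether a single router with both office LANs attached would forward traffic between them. The subnets, the rule format and the function names are assumptions made for illustration, not any vendor's configuration syntax.

```python
import ipaddress

# RFC 1918 private ranges, the same three blocks quoted earlier in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_problems(plan):
    """Return a list of problems found in an {office: CIDR} address plan."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    for name, net in nets.items():
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{name}: {net} is not inside an RFC 1918 range")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems

def forwarded(src, dst, rules, default="accept"):
    """First-match evaluation of (action, src_net, dst_net) rules.

    Assumed model: one router has both office LANs as connected networks,
    so it routes between them unless a rule drops the traffic.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "accept"
    return default == "accept"

# Constructed sample plans and rules (hypothetical addressing).
GOOD_PLAN = {"office1": "10.0.1.0/24", "office2": "10.0.2.0/24"}
# Look-alike prefixes that fall outside 172.16.0.0/12 and also overlap.
BAD_PLAN = {"office1": "172.168.1.0/24", "office2": "172.168.0.0/16"}
ISOLATION_RULES = [
    ("drop", "10.0.1.0/24", "10.0.2.0/24"),
    ("drop", "10.0.2.0/24", "10.0.1.0/24"),
]

if __name__ == "__main__":
    print(plan_problems(GOOD_PLAN))
    print(plan_problems(BAD_PLAN))
    print(forwarded("10.0.1.50", "10.0.2.60", []))               # no rules
    print(forwarded("10.0.1.50", "10.0.2.60", ISOLATION_RULES))  # blocked
    print(forwarded("10.0.1.50", "203.0.113.10", ISOLATION_RULES))
```

In this model, separate subnets on one shared router do not isolate the offices by themselves; the drop rules between the two LANs do, while Internet-bound traffic is unaffected.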
 
