Two VLANs, One Subnet
torriem at chem.byu.edu
Thu Mar 8 20:35:57 MST 2007
On Thu, 2007-03-08 at 19:46 -0700, Hans Fugal wrote:
> Can you tell I'm reworking my LAN?
> I have a public /29 subnet, meaning I get 6 public IPs. Amazingly
> enough, I have 6 devices that could use a public IP. Perhaps even more
> astounding, I on occasion have more devices that get a private IP in the
> range 172.17.0.0/24.
> Here is how I want things to work:
> ISP -- cisco -- openwrt -- LAN
> cisco, openwrt, and 4 devices in the LAN have public IP addresses in the
> same /29 subnet. I want openwrt to do NAT (as needed for the private
> subnet), routing, and firewall.
NAT is your answer. Your router would then NAT any of the /29 subnet to
a specific set of private IP addresses, in and out. This is clean,
doesn't require a complicated routing table on the clients, and is how
it would normally be implemented in an enterprise anyway. We do this
on a large scale at work with a Cisco PIX (save your money; Linux makes
a better firewall and has more throughput too) and our internal network,
all done on Cisco routers and switches.
You can do this by either creating 4 virtual interfaces on the openwrt
box, or using some kind of proxyarp solution.
> I also want to, if possible, limit the broadcast domains so that cisco
> and openwrt are separate. Therein lies the rub. Can I set up VLANs on
> openwrt and still route between everybody on the same /29 subnet?
> openwrt is a 6-port switch, basically. One port goes to the chip
> (router), which is in turn connected to the wireless interface. The WAN
> port and the other 4 ports are all on the same switch, and separated (or
> not) by the VLAN configuration.
> The Cisco is a beautiful thing but I want to do as little as possible
> with it.
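The 1:1 NAT the reply recommends, written out as an ip/iptables rule set for a Linux/OpenWrt router. This is an added example, not code from the thread; 203.0.113.0/29 (documentation space) stands in for the real /29, and the interface names, host list and allowed ports are constructed.

```shell
#!/bin/sh
# Added example: map each public /29 address 1:1 onto a private LAN host.
# Commands are printed for review; pipe the output into sh on the router.
WAN_IF=eth0.1      # assumed WAN interface name
LAN_IF=br-lan      # assumed LAN bridge name
WAN_PREFIX=29

# "public private tcp_ports" per line (constructed). A host is reachable
# from outside only on the listed ports ("-" = none); SNAT still gives it
# its own public source address for outbound traffic.
NAT_MAP='203.0.113.3 172.17.0.3 22,443
203.0.113.4 172.17.0.4 80,443
203.0.113.5 172.17.0.5 25
203.0.113.6 172.17.0.6 -'

# Default policy: drop forwarded traffic unless allowed, always accept
# replies, let the private LAN initiate outbound. Hosts without their own
# public address are masqueraded behind the router's WAN address.
base_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Rules for one public/private pair. Adding the public address as an alias
# on the WAN interface makes the router answer ARP for it, so no proxy-ARP
# is needed (the "virtual interfaces" option from the reply).
nat_rules_for() {
    pub=$1; priv=$2; ports=$3
    echo "ip addr add $pub/$WAN_PREFIX dev $WAN_IF"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    # Insert ahead of MASQUERADE so this host keeps its own public address.
    echo "iptables -t nat -I POSTROUTING 1 -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    [ "$ports" = "-" ] && return 0
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
}

# Full rule set for NAT_MAP.
generate_rules() {
    base_rules
    echo "$NAT_MAP" | while read -r pub priv ports; do
        nat_rules_for "$pub" "$priv" "$ports"
    done
}

generate_rules
```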