
Need help linking two networks

DanielBrazil
Level 1

Hi,

I need to link two separate networks, but only one of them must "see" the other one. Let me explain.

I'll call my first network "SAFENET". It's connected to the internet (regular router w/ DSL) and it has two IP cameras and one NVR connected to it (through a Cisco Sf302-08p, because there aren't enough ports on the router). The NVR sends the images from the cameras to my cellphone wherever I go, through the internet.

Then there's another network that I'll call "OPENLAN". It doesn't have internet access, it's just a regular LAN, but there are a LOT of users connected to it. Also, there are two IP cameras on this network that I need to connect to my NVR, so I could access them on the go as well (and also record the images).

The problem is, while I need those two OPENLAN cameras to be seen by my NVR on SAFENET, I can't give OPENLAN users full access to the SAFENET network, not even to the NVR, otherwise I would have countless strangers using my internet connection and having free access to my NVR, which would ruin my private network safety.

So, is there a way that I could have SAFENET devices "see" OPENLAN devices through the Cisco switch, while blocking OPENLAN from accessing SAFENET devices?

In my head, this could be solved by giving the Cisco switch one IP address on the SAFENET network (i.e. 192.168.0.7) and one IP address on the OPENLAN (i.e. 192.168.1.7), and then figuring out a way to either port-forward the cameras from OPENLAN to SAFENET (so when my NVR connects to Cisco 192.168.0.7:3333 it would actually connect to the IP camera on OPENLAN); OR giving SAFENET full access to the OPENLAN devices through the Cisco, while OPENLAN clients would see any request as coming from the Cisco (therefore, they wouldn't have access to SAFENET at all). The second solution would be the best for me.

Does anybody know how to do this? This is so beyond my capabilities.

Note: The SAFENET router has only one WAN port, and it's connected to DSL. I only have access to a regular (client) port on the OPENLAN.

I made a drawing to illustrate the current configuration.

[Attachment: network architecture.jpg]

I appreciate any help in advance.

Best regards,

Daniel.


johnd2310
Level 8

Hi,

You will need a firewall to achieve your requirements. On the firewall you will create two zones, "SAFENET" and "OPENLAN". You will then create rules to allow only the "SAFENET" zone to initiate connections to "OPENLAN" and block "OPENLAN" from initiating connections to "SAFENET".

There are a number of firewall devices you can get depending on your budget. Let us know if you need help choosing the firewall.

Thanks

John

**Please rate posts you find helpful**

Thanks for the reply, John. I can't get a firewall right now though.

Maybe I can have SAFENET on Uplink 1 (with the switch being its client with IP 192.168.1.5) and OPENLAN on Uplink 2 (the switch as client with IP 192.168.0.5), then set DHCP on ports 1-8, so switch clients would get IP 192.168.2.x, and the default gateway would be the switch itself with IP 192.168.2.1.

Then the default route for 192.168.2.x clients would be Uplink 1 (where the internet is), with a static route to 192.168.0.x (OPENLAN range), to Uplink 2.

Is that possible using only the Cisco Sf302-08p switch?

Thanks!

Hi,

It is not possible with a switch to achieve your objectives. You need a firewall-type device to achieve segregation of your network. If you cannot buy a firewall, you can use an open source firewall.

Thanks

John

Hello

@johnd2310 wrote:

> Hi,
>
> It is not possible with a switch to achieve your objectives. You need a firewall-type device to achieve segregation of your network. If you cannot buy a firewall, you can use an open source firewall.
>
> Thanks
>
> John

@johnd2310 I tend to disagree that this isn't possible. It is possible to segregate two networks from a switch; however, in this case it might not be with THAT type of switch.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello

Do you have access to that OPENLAN router?

One possible way, depending on the feature set of the router: attach the OPENLAN router to the Cisco switch, then create an L3 interface of 192.168.0.0/x on the OPENLAN router, then static PAT for those two hosts only.

Kind Regards
Paul
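
The one-way policy johnd2310 describes above (SAFENET may initiate connections to OPENLAN, OPENLAN may not initiate connections to SAFENET), written as an nftables ruleset for a Linux box acting as an open source firewall with one interface in each network. This is an added example, not part of any post in the thread; the interface names, camera addresses, camera ports and the SSH management rule are assumptions, and the subnets follow the original post (SAFENET 192.168.0.x, OPENLAN 192.168.1.x).

```nftables
#!/usr/sbin/nft -f
# Assumes static addressing on both interfaces and net.ipv4.ip_forward=1.
flush ruleset

define SAFE_IF   = "eth0"                          # assumed: SAFENET side (192.168.0.0/24)
define OPEN_IF   = "eth1"                          # assumed: OPENLAN side (192.168.1.0/24)
define OPEN_CAMS = { 192.168.1.50, 192.168.1.51 }  # constructed placeholder camera IPs

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions that SAFENET opened are allowed back in.
        ct state established,related accept
        ct state invalid drop

        # New connections: SAFENET -> the two OPENLAN cameras only.
        # Ports 80 and 554 (HTTP, RTSP) are an assumption about the cameras.
        iifname $SAFE_IF oifname $OPEN_IF ip daddr $OPEN_CAMS tcp dport { 80, 554 } accept

        # Anything OPENLAN initiates falls through to "policy drop".
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # Management from SAFENET only (assumed SSH); nothing from OPENLAN.
        iifname $SAFE_IF tcp dport 22 accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # OPENLAN hosts see the firewall's own OPENLAN address as the source,
        # so they need no route back into SAFENET.
        oifname $OPEN_IF masquerade
    }
}
```

The NVR also needs a route to the OPENLAN subnet via this box's SAFENET address, and OPENLAN hosts get no route to SAFENET at all.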