I have a customer who's looking to rent a couple offices out in his office condo
to sweeten the deal hes thinking of offering to share his DSL with the tenant
both are light internet users so I don't see a bandwidth issue but how can I segregate the network ?
all XP on my customers side so If I set him up as a distinct work group is that fairly safe ?
any other suggestions ?
seems like I did this before with two routers and different IP address schemes with DHCP on each
seems like that and the separate workgroups would be reasonably secure
Couple of ways of doing this. Cheap switch with vlans. Or segment with a couple of routers. I have had issues with some dsl modems and the ability to nat on the lan side so you may need to add an additional router.
----------/ > company A router
DSL modem
----------\ > company B router
Or
-------------------/ > company A router
DSL modem > router
-------------------\ > company B router
Changing the workgroup will not keep each company from traversing into the other companies users files.
there is a cable operator in my area NJ that hooks up a cablemodem 30M down 5M up with a Cisco Router with 5 outputs each one a totally seperate static IP
You have probably worked this out, but chaining two NATted firewalls together and giving them different IP ranges will help 10.x and 172.x ranges are good diverse Net numbers that are not likely to be guessed. Give the client the one further down the tree that way you can set blocking rules to prevent abuse. The better more expensive way is with something like a SonicWall or cisco 1800 series router which can assign two of its ports to two distinct address ranges, and not allow traffic between them but allow both to the internet. This would also give you better capabilities for logging, control and accountability. As far as the provider is concerned your client is responsible for anything that comes over that port, so he should take whatever precautions are warranted.
As said before you probably have this worked out.
This is for purely informational purposes.
The best product that I have found to do this application is a Sonicwall router with enhanced software on it. As of today the TZ 190 or TZ 210 enhanced would be the best bet. Be sure to get the unlimited nodes model.
With the enhanced software you can secure each individual lan port with seperate IP subnet's and prevent trafic from passing between the subnets under the firewall portion using a port shielded interface.
I hope this helps who finds it.
B.
For a small pair of offices even 25 nodes would be fine. You wouldn't have to spring for unlimited. If more devices than that were required sharing the DSL wouldn't be an enticement for the space. If an office with more than 5 employees can't spring for a DSL line on their own, something is wrong with the way they are running the business.
The reason why I suggested sonicwall in the first place is a basic unit without wireless would be great for this. The advantage over a Linksys or some such is never really needing to be rebooted. Similar could be done for nearly free with a junker PC running linux but there is a much stiffer learning curve.
You could also do this with a Cisco ASA 5505, you can have multiple vlans on the router and set security permissions between the network.
I would also second a Cisco ASA5505. Setting up VLAN's is very easy and very secure for each user.
Jim Cooper and CIT.
VLAN's do have there place but for a simple setup like this without the knowledge of an IT Pro or Network Engineer I would not advise that path.
Setting up VLAN's takes a little more than just programming a router to implement as you well know.
It isn't all that bad with the ASA, you can get it going with the SDM GUI