Simple VPN Setup

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Simple VPN Setup

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Simple VPN Setup
Simple VPN Setup
2018-03-29 22:04:57 - last edited 2021-04-20 11:54:47
Model :

Hardware Version :

Firmware Version :

ISP :

Good Morning,

I have a client with a T1600G-52PS switch. The switch is connected to a Comcast Gateway for internet connectivity. They are renting an office to a tenant who has 2 computers and 1 printer. They want to provide Internet and peer to peer network connectivity for them.

My thought was to run a cable to the tenants office from port 47 of the T1600 and place a cheap 5 port switch there to plug the 3 devices into. I need to isolate that port from the other computers and equipment of the landlord. For the life of me I can't understand how to make this work. My thought was setup a vlan but 10 hours of youtube videos later i'm still confused. Is there a step by step on how this is done? Will they need their own router?

Thanks
  0      
  0      
#1
Options
1 Reply
Re:Simple VPN Setup
2018-04-01 01:14:47 - last edited 2021-04-20 11:54:47

RonMidwest wrote

Will they need their own router?


Yes, a separate router (or a VLAN-aware router, which is a logical separate router, albeit physically only one device) is usually needed for two separate networks. Remember, VLANs is a mechanism to re-use the same physical cables/switches/routers for two or more networks. Thus, VLANs only exist inside the network switching/routing infrastructure. Regarding it's edge interfaces (WAN1, WAN2, LAN1, LAN2) the VLANs are split up into separate networks much like you would have each network device twice with separate physical cables.

But if the router lets you create two separate LANs and supports VLANs, you can easily share the single WAN interface between two isolated LANs.

If the router isn't VLAN-aware and/or lets you not create additional LANs, you could assign a limited set of IPs to the tenant and use Access Control Lists (ACLs) together with VLANs to separate the tenant's devices from the rest of the LAN network. But I don't recommend this, I always set up two or more separate LANs to create isolated subnets.

BTW: although VLANs can be used to isolate subnets from each other, they are not a VPN, which usually use tunneling techniques.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options