Learn the steps to configure your network correctly.

Bipbipdu62
Junior Member
10
08-09-2016, 09:30 AM
#1
Hello! In this scenario, you're managing flats within the same building where each has its own subnets. The basements contain shared servers, and you're using an ISP that supports dual stack. You plan to use a Ubiquiti Dream Machine Pro as a layer 3 switch, with two USW-Pro-24 switches acting as layer 3 switches. The modem is NAT-less so the router receives its public IP through the WAN port. Your main concern is isolating the two flat networks while still sharing servers and internet access. Since you lack subnetting or VLAN experience, focus on setting up proper routing rules to keep the networks separate yet connected. Review the diagram below for clarity. What advice would you give for basic routing configurations? Thank you!

chloJ
Member
237
08-09-2016, 04:20 PM
#2
I hope those addresses aren't the real subnets...

Kapla_
Junior Member
4
08-19-2016, 09:04 AM
#3
Hello, your response is appreciated! Yes, these are just illustrations.

KriGen39
Member
53
08-20-2016, 12:49 PM
#4
No, subnets are not allowed in private networks.

RabbitKiller99
08-20-2016, 01:47 PM #5

I mentioned it to simplify things, but in truth these addresses use different subnets such as 192.168.0.0/24 and 192.168.1.0/24. Thanks for bringing that up, though it isn't the main issue...

Velizar06
Posting Freak
865
09-07-2016, 10:56 AM
#6
I meant to clarify a point I made earlier. Let me break it down simply: I was trying to describe something, but I didn’t fully explain it. Now I’ll make sure it’s clear for you.

_Sawe_
Junior Member
44
09-08-2016, 10:06 PM
#7
In April 2012, IANA assigned the range 100.64.0.0/10 (from 100.64.0.0 to 100.127.255.255 with a netmask of 255.192.0.0) for carrier-grade NAT situations. This segment isn't suitable for private networks or public Internet use. This information might assist the OP referenced in the provided link.

ThatMiningGuy
Senior Member
704
09-09-2016, 06:57 AM
#8
Yes, you can return to your original question.

Gizzy_Bro
Junior Member
5
09-10-2016, 08:39 PM
#9
The IPv4 Internet doesn't rely on these addresses. Yes, but no. Your issue lies in translating your project to reality. The sample you provided isn't practical because the subnets for Flat 1 and Flat 2 aren't compatible. "It's not the same" is enough—it still works—but eventually it breaks down. Things like connecting to Microsoft or government servers won't function properly. For switches, all VLANs must be recognized; otherwise, traffic can't pass. On SFP ports, every VLAN needs proper tagging. At Flat 1, only Flat 1 VLAN should remain untagged on other ports, while Flat 2 must be blocked. Similarly, at Flat 2, only its VLAN should stay untagged, and others should be blocked. Then apply firewall rules between subnets. Subnetting is key—no exceptions. No one should access switch management or servers from either flat. This requires expert help whenever needed. It's all volunteer effort. Being selective can seem rude sometimes.

hrgriff
Senior Member
573
09-11-2016, 01:18 PM
#10
I'm imagining a shared setup within two family homes, not splitting flats for third parties. For clarity, I'd place the ISP network inside the server room, routing through your router/firewall to three separate subnets: servers, flat1, and flat2. Flat1 and flat2 should connect to the servers without direct communication, using dedicated IPs only for their intended services. If you need to allow access from flat1 to the servers, set up firewall rules carefully. However, heavy traffic like network shares can stress the firewall, so I favor keeping everything within a single VLAN for simplicity. I'm careful about details—just make sure the numbers match what you're asking.
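Added example, not part of any post in this thread: a small Python model of the layout discussed above (separate subnets for the servers and each flat, firewall rules between them, no access to switch management from the flats) that checks the addressing plan and the rule set before anything is configured on the router. The two flat subnets are the ones named in the thread; the servers and management subnets, the allowed ports and all function names are assumptions, and a stateful firewall (replies to allowed flows pass) is assumed.

```python
import ipaddress
from itertools import combinations
from typing import NamedTuple, Optional

# Flat subnets are the two named in the thread; servers/mgmt are constructed.
ZONES = {
    "flat1": ipaddress.ip_network("192.168.0.0/24"),
    "flat2": ipaddress.ip_network("192.168.1.0/24"),
    "servers": ipaddress.ip_network("192.168.10.0/24"),
    "mgmt": ipaddress.ip_network("192.168.99.0/24"),
}
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # shared address space, not for LAN use

class Rule(NamedTuple):
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"

# First match wins; anything unmatched between zones is dropped (default deny).
RULES = [Rule(flat, "servers", "tcp", port, "allow")
         for flat in ("flat1", "flat2") for port in (443, 445)]

def plan_problems(zones):
    """Return overlapping zone pairs and zones placed in CGNAT space."""
    bad = [f"{a} overlaps {b}" for a, b in combinations(zones, 2)
           if zones[a].overlaps(zones[b])]
    bad += [f"{n} uses CGNAT range" for n, net in zones.items() if net.overlaps(CGNAT)]
    return bad

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), None)

def decide(src_ip, dst_ip, proto, port, rules=RULES):
    """Verdict for a flow; same-zone traffic is switched and never filtered."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is not None and src == dst:
        return "allow"
    for r in rules:
        if (r.src, r.dst, r.proto) == (src, dst, proto) and r.port in (None, port):
            return r.action
    return "deny"

def isolation_violations(rules=RULES):
    """Allow rules that break flat-to-flat or flat-to-management isolation."""
    flats = {"flat1", "flat2"}
    return [r for r in rules if r.action == "allow" and r.src in flats
            and (r.dst in flats - {r.src} or r.dst == "mgmt")]
```

Running `plan_problems(ZONES)` and `isolation_violations()` after every change to the plan catches an overlapping subnet or an over-broad allow rule before it reaches the router.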
