F5F Stay Refreshed Power Users Networks Learn the steps to configure your network correctly.

Learn the steps to configure your network correctly.

Learn the steps to configure your network correctly.

Pages (2): 1 2 Next
B
Bipbipdu62
Junior Member
Find
10
08-09-2016, 09:30 AM
#1
Hello! In this scenario, you're managing flats within the same building where each has its own subnets. The basements contain shared servers, and you're using an ISP that supports dual stack. You plan to use an Ubiquiti Dream Machine Pro as a layer 3 switch, with two USW-Pro-24 switches acting as layer 3 switches. The modem is NAT-less so the router receives its public IP through the WAN port. Your main concern is isolating the two flat networks while still sharing servers and internet access. Since you lack subnetting or VLAN experience, focus on setting up proper routing rules to keep the networks separate yet connected. Review the diagram below for clarity. What advice would you give for basic routing configurations? Thank you!
Reply
Reply
B
Bipbipdu62
08-09-2016, 09:30 AM #1

Hello! In this scenario, you're managing flats within the same building where each has its own subnets. The basements contain shared servers, and you're using an ISP that supports dual stack. You plan to use an Ubiquiti Dream Machine Pro as a layer 3 switch, with two USW-Pro-24 switches acting as layer 3 switches. The modem is NAT-less so the router receives its public IP through the WAN port. Your main concern is isolating the two flat networks while still sharing servers and internet access. Since you lack subnetting or VLAN experience, focus on setting up proper routing rules to keep the networks separate yet connected. Review the diagram below for clarity. What advice would you give for basic routing configurations? Thank you!

Reply
Reply
C
chloJ
Member
Find
237
08-09-2016, 04:20 PM
#2
I hope those addresses aren't the real subnets...
Reply
Reply
C
chloJ
08-09-2016, 04:20 PM #2

I hope those addresses aren't the real subnets...

Reply
Reply
K
Kapla_
Junior Member
Find
4
08-19-2016, 09:04 AM
#3
Hello, your response is appreciated! Yes, these are just illustrations.
Reply
Reply
K
Kapla_
08-19-2016, 09:04 AM #3

Hello, your response is appreciated! Yes, these are just illustrations.

Reply
Reply
K
KriGen39
Member
Find
53
08-20-2016, 12:49 PM
#4
No, subnets are not allowed in private networks.
Reply
Reply
K
KriGen39
08-20-2016, 12:49 PM #4

No, subnets are not allowed in private networks.

Reply
Reply
R
RabbitKiller99
Member
Find
140
08-20-2016, 01:47 PM
#5
I mentioned it to simplify things, but in truth these addresses use different subnets such as 192.168.0.0/24 and 192.168.1.0/24. Thanks for bringing that up, though it isn't the main issue...
Reply
Reply
R
RabbitKiller99
08-20-2016, 01:47 PM #5

I mentioned it to simplify things, but in truth these addresses use different subnets such as 192.168.0.0/24 and 192.168.1.0/24. Thanks for bringing that up, though it isn't the main issue...

Reply
Reply
V
Velizar06
Posting Freak
Find
865
09-07-2016, 10:56 AM
#6
I meant to clarify a point I made earlier. Let me break it down simply: I was trying to describe something, but I didn’t fully explain it. Now I’ll make sure it’s clear for you.
Reply
Reply
V
Velizar06
09-07-2016, 10:56 AM #6

I meant to clarify a point I made earlier. Let me break it down simply: I was trying to describe something, but I didn’t fully explain it. Now I’ll make sure it’s clear for you.

Reply
Reply
_
_Sawe_
Junior Member
Find
44
09-08-2016, 10:06 PM
#7
In April 2012, IANA assigned the range 100.64.0.0/10 (from 100.64.0.0 to 100.127.255.255 with a netmask of 255.192.0.0) for carrier-grade NAT situations. This segment isn't suitable for private networks or public Internet use. This information might assist the OP referenced in the provided link.
Reply
Reply
_
_Sawe_
09-08-2016, 10:06 PM #7

In April 2012, IANA assigned the range 100.64.0.0/10 (from 100.64.0.0 to 100.127.255.255 with a netmask of 255.192.0.0) for carrier-grade NAT situations. This segment isn't suitable for private networks or public Internet use. This information might assist the OP referenced in the provided link.

Reply
Reply
T
ThatMiningGuy
Senior Member
Find
704
09-09-2016, 06:57 AM
#8
Yes, you can return to your original question.
Reply
Reply
T
ThatMiningGuy
09-09-2016, 06:57 AM #8

Yes, you can return to your original question.

Reply
Reply
G
Gizzy_Bro
Junior Member
Find
5
09-10-2016, 08:39 PM
#9
The IPv4 Internet doesn't rely on these addresses. Yes, but no. Your issue lies in translating your project to reality. The sample you provided isn't practical because the subnets for Flat 1 and Flat 2 aren't compatible. "It's not the same" is enough—it still works—but eventually it breaks down. Things like connecting to Microsoft or government servers won't function properly. For switches, all VLANs must be recognized; otherwise, traffic can't pass. On SFP ports, every VLAN needs proper tagging. At Flat 1, only Flat 1 VLAN should remain untagged on other ports, while Flat 2 must be blocked. Similarly, at Flat 2, only its VLAN should stay untagged, and others should be blocked. Then apply firewall rules between subnets. Subnetting is key—no exceptions. No one should access switch management or servers from either flat. This requires expert help whenever needed. It's all volunteer effort. Being selective can seem rude sometimes.
Reply
Reply
G
Gizzy_Bro
09-10-2016, 08:39 PM #9

The IPv4 Internet doesn't rely on these addresses. Yes, but no. Your issue lies in translating your project to reality. The sample you provided isn't practical because the subnets for Flat 1 and Flat 2 aren't compatible. "It's not the same" is enough—it still works—but eventually it breaks down. Things like connecting to Microsoft or government servers won't function properly. For switches, all VLANs must be recognized; otherwise, traffic can't pass. On SFP ports, every VLAN needs proper tagging. At Flat 1, only Flat 1 VLAN should remain untagged on other ports, while Flat 2 must be blocked. Similarly, at Flat 2, only its VLAN should stay untagged, and others should be blocked. Then apply firewall rules between subnets. Subnetting is key—no exceptions. No one should access switch management or servers from either flat. This requires expert help whenever needed. It's all volunteer effort. Being selective can seem rude sometimes.

Reply
Reply
H
hrgriff
Senior Member
Find
573
09-11-2016, 01:18 PM
#10
I'm imagining a shared setup within two family homes, not splitting flats for third parties. For clarity, I'd place the ISP network inside the server room, routing through your router/firewall to three separate subnets: servers, flat1, and flat2. Flat1 and flat2 should connect to the servers without direct communication, using dedicated IPs only for their intended services. If you need to allow access from flat1 to the servers, set up firewall rules carefully. However, heavy traffic like network shares can stress the firewall, so I favor keeping everything within a single VLAN for simplicity. I'm careful about details—just make sure the numbers match what you're asking.
Reply
Reply
H
hrgriff
09-11-2016, 01:18 PM #10

I'm imagining a shared setup within two family homes, not splitting flats for third parties. For clarity, I'd place the ISP network inside the server room, routing through your router/firewall to three separate subnets: servers, flat1, and flat2. Flat1 and flat2 should connect to the servers without direct communication, using dedicated IPs only for their intended services. If you need to allow access from flat1 to the servers, set up firewall rules carefully. However, heavy traffic like network shares can stress the firewall, so I favor keeping everything within a single VLAN for simplicity. I'm careful about details—just make sure the numbers match what you're asking.

Reply
Reply
Pages (2): 1 2 Next