Setting up a network inside another network involves configuring connections and security measures.
I've been given a project to create a network layout for a compact CNC workshop. The goal is to keep it separate from the main LAN so future expansions can be handled simply. Each CNC station requires its own identical network segment, making it easy to replicate as more machines are added. The system must manage internal communication within each station while preventing interference between them. Since these units don’t need internet access, only temporary connectivity for updates is desirable. The sole external link from inside each cell should connect to a local server, which also needs internet and a computer on site to monitor status. Here’s an overview of the proposed setup: I’ve installed ARS-7235 NAT devices in every cell and placed another router at the network level to link to the main shop network. Regarding your concerns—this approach is logical for isolated control traffic and scalable design. For internet access, you can configure the local server to support DHCP or static IPs as needed.
This approach is typical for internal machine configurations that don't need external connectivity. In an ideal scenario, you wouldn't want random routers scattered throughout the area; this method offers a more reliable way to maintain a private subnet without depending on the existing infrastructure. Regarding internet access: it's straightforward—assign each router's WAN interface an IP within the company LAN, with the main router acting as the default gateway. Each device should use its local router as its default gateway. To prevent internet access, simply disconnect the cable connecting to the main network.
I believe this setup is quite problematic. It will become highly complicated, restrict functionality, demand significant hardware, and lack adaptability. Adjusting the network later would be extremely difficult. Imagine needing to enable API access for robots on two networks while disabling it on the third—this becomes a major hassle. I recommend assigning distinct IP ranges instead of relying heavily on NAT. A basic Fortigate combined with managed switches offers a much simpler, more flexible configuration. This approach provides clear traffic management, straightforward expansion options without constant hardware upgrades, and precise control over device permissions from one central interface.
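The two address plans argued over in the thread (identical NAT cells with WAN ports on the company LAN, versus a distinct routed subnet per cell behind one central firewall) can be sanity-checked before any hardware is bought. This is an added Python example, not code from any poster; the company LAN, cell subnet, WAN and server addresses it uses are constructed sample values.

```python
import ipaddress


def plan_nat_cells(company_lan, cell_template, wan_ips, server_ip):
    """Check the 'identical NAT cell' design.

    company_lan   : shop LAN that every cell router's WAN port sits on
    cell_template : the internal subnet cloned (behind NAT) in every cell
    wan_ips       : one WAN address per cell router
    server_ip     : the only LAN host the cells are meant to reach
    Returns a list of problems; an empty list means the plan is consistent.
    """
    lan = ipaddress.ip_network(company_lan)
    cell = ipaddress.ip_network(cell_template)
    server = ipaddress.ip_address(server_ip)
    problems = []
    # The cloned cell subnet must not overlap the LAN: a cell host would then
    # treat the server as on-link and never send the packet to its NAT router.
    if cell.overlaps(lan):
        problems.append(f"cell subnet {cell} overlaps company LAN {lan}")
    if server not in lan:
        problems.append(f"server {server} is not on company LAN {lan}")
    seen = set()
    for ip in map(ipaddress.ip_address, wan_ips):
        if ip not in lan:
            problems.append(f"WAN address {ip} is outside {lan}")
        if ip in seen:
            problems.append(f"WAN address {ip} is used by more than one cell")
        seen.add(ip)
    return problems


def plan_routed_cells(supernet, prefix, count):
    """The alternative from the last reply: one distinct, non-NAT subnet per
    cell, carved from a single supernet so a central firewall can route and
    filter between cells without per-cell NAT boxes."""
    subnets = list(ipaddress.ip_network(supernet).subnets(new_prefix=prefix))
    if count > len(subnets):
        raise ValueError(f"{supernet} only holds {len(subnets)} /{prefix} cells")
    return [str(s) for s in subnets[:count]]


if __name__ == "__main__":
    # Constructed sample plan: three NAT cells cloning 192.168.100.0/24.
    print(plan_nat_cells("10.0.0.0/24", "192.168.100.0/24",
                         ["10.0.0.11", "10.0.0.12", "10.0.0.13"], "10.0.0.5"))
    # Same three cells as distinct routed /24s for the firewall-based design.
    print(plan_routed_cells("10.20.0.0/16", 24, 3))
```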