2 subnets same LAN and LAN port

  • So I have recently needed to have two separate LANs talk to each other and allow internet traffic from both. Basically I build a rack full of gear and get everything talking to each other and running updates etc. Then the client will give me a list of IPs that the equipment will use in the production environment. In our case our office is on 192.168.10.x, and then I receive an email that says the subnet we have been provided by the client's network is 10.200.100.x, so I have to migrate that stack over to the final destination. This means that I lose internet connectivity and remote connectivity to the boxes since we are now on different subnets. How can I program pfSense to cross-route that traffic and give us internet to those devices? Office network has two VLANs: 100 for PCs and 200 for VoIP phones. I think essentially I want to have the second subnet also on VLAN 100?


  • LAYER 8 Moderator

    Hi,

    production environment in our case our office is on 192.168.10.x and then I receive an email that says the subnet we have been provided by the clients network is 10.200.100.x so I have to migrate that stack over to the final destination

    Why, if I may ask, do you do that in the first place? When I was last working in some sort of local computer retailer where we built the clients and servers for a company and then integrated them on premise, we got our info beforehand and set things up from the start. It doesn't make sense to me to configure systems in your network and set up services, IPs, etc. only to reconfigure them again when you finally get the network details from your client?

    But besides that, you can do that - run a second IP range on the same LAN as your normal network. But you shouldn't, as there are enough things that work with auto-discovery etc. that would impact your normal LAN, too. I'd completely separate those networks and create a new VLAN (110? 300?) with a "build" or "test" network. There you can define any IP range you like, block access to the LAN and VoIP networks, but otherwise let traffic flow out normally to e.g. do your installations, setups and updates before completion. And if you have a "test" network like that, it's easy to reconfigure to your client's specifications. We do that all the time with such an extra (VLAN) interface that is only for the usage above. We configure the client's or upstream's IP and set it up as the hardware would see it at the target site.

    If you want to use that network on your LAN regardless of any other problems that may bring, check for "Virtual IP" and create an alias IP within the network you get from your client. Then you can set up the devices accordingly, but don't forget to create matching firewall rules, too (LAN net won't cover networks from alias IPs, so you have to match the source or use */any).

    Greets
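As an added illustration (not part of the reply above, and not taken from any project), this is what the separate "build" VLAN described in the reply looks like as a pfSense config.xml fragment: a VLAN 300 on the LAN parent NIC, an OPT interface carrying the client's 10.200.100.x range, and rules that block the build network from the office LAN and VoIP VLANs but let everything else out. The parent NIC name igb0, the OPT1/OPT2 interface assignments and the 10.200.100.1 gateway address are assumptions; the element names follow the usual config.xml layout but the same result is normally built through the web GUI (Interfaces > VLANs, Interfaces > Assignments, Firewall > Rules).

```xml
<!-- Constructed fragment, not a complete config.xml. Assumes igb0 is the
     LAN parent NIC, the VoIP VLAN 200 is already assigned as OPT2, and the
     new build VLAN becomes OPT1. -->
<vlans>
  <vlan>
    <if>igb0</if>
    <tag>300</tag>
    <descr>BUILD - staging network for client gear</descr>
    <vlanif>igb0.300</vlanif>
  </vlan>
</vlans>

<interfaces>
  <opt1>
    <if>igb0.300</if>
    <descr>BUILD</descr>
    <enable></enable>
    <!-- set to whatever the client says their gateway will be (assumed here) -->
    <ipaddr>10.200.100.1</ipaddr>
    <subnet>24</subnet>
  </opt1>
</interfaces>

<filter>
  <!-- Rules on an interface are evaluated top-down, first match wins,
       so the two block rules must sit above the pass-any rule. -->
  <rule>
    <type>block</type>
    <interface>opt1</interface>
    <ipprotocol>inet</ipprotocol>
    <source><network>opt1</network></source>
    <destination><network>lan</network></destination>
    <descr>BUILD may not reach office PCs (VLAN 100)</descr>
  </rule>
  <rule>
    <type>block</type>
    <interface>opt1</interface>
    <ipprotocol>inet</ipprotocol>
    <source><network>opt1</network></source>
    <destination><network>opt2</network></destination>
    <descr>BUILD may not reach VoIP phones (VLAN 200)</descr>
  </rule>
  <rule>
    <type>pass</type>
    <interface>opt1</interface>
    <ipprotocol>inet</ipprotocol>
    <source><network>opt1</network></source>
    <destination><any></any></destination>
    <descr>BUILD: updates and internet out, everything else</descr>
  </rule>
</filter>
```

When the client later sends the real addressing, only the `<opt1>` address and subnet change; the three rules keep matching on "OPT1 net" and need no edits.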

