Configure 2 different IP ranges on one LAN interface
-
Good morning everyone,
I would like to know how to configure 2 different IP ranges on one interface for my LAN. Example: 192.168.1.X / 24 for WiFi and a 10.20.20.X / 24 without using VLAN.I've been reading the option to use Virtual IP, but I don't know if it will do.
Thank you and forgive my ignorance.
-
If you use virtual IPs then only one subnet will be able to use DHCP. The other has to be manually configured. Also, if you try to connect to a device on the other subnet, you'll get ICMP redirects. Why do you want to do this?
-
Hello,
I want is to have 2 different networks on one interface without using VLANs. One for my LAN and one for the APs. -
I want is to have 2 different networks on one interface without using VLANs. One for my LAN and one for the APs.
It may be that this is your wish, but it's not the technical reality. If you want to separate IP ranges then you need proper VLANs or different hardware interfaces to connect to. Yes, you can add a IP Alias type of VirtualIP to your LAN interface but you don't have a clean proper setup and those IP ranges will intermix and overlap on the LAN. You don't configure two different networks on the same Layer2 network segment in a proper network setup, that's fact. Not even SoHo Routers let you do that because it's "wrong". This is no segmentation at all and a WiFi User could just change its IP manually to your LAN and access your devices so it makes no sense to do that in the first place.
Add problems with DHCP, NTP, DNS and the like on top of it and you may get the idea of what headache such a setup would bring with it. :)
-
@JeGr said in Configure 2 different IP ranges on one LAN interface:
It may be that this is your wish, but it's not the technical reality. If you want to separate IP ranges then you need proper VLANs or different hardware interfaces to connect to. Yes, you can add a IP Alias type of VirtualIP to your LAN interface but you don't have a clean proper setup and those IP ranges will intermix and overlap on the LAN. You don't configure two different networks on the same Layer2 network segment in a proper network setup, that's fact. Not even SoHo Routers let you do that because it's "wrong". This is no segmentation at all and a WiFi User could just change its IP manually to your LAN and access your devices so it makes no sense to do that in the first place.
Add problems with DHCP, NTP, DNS and the like on top of it and you may get the idea of what headache such a setup would bring with it. :)And if I use a new interface, do I configure the other IP range and connect it to the same switch?
-
@jgomez123 said in Configure 2 different IP ranges on one LAN interface:
And if I use a new interface, do I configure the other IP range and connect it to the same switch?
No, if you connect it to the same switch it would result in a loop being detected and one port shut down (if it's a decent switch) or a loop and flood (if it's a bad one). If you only want to hand out 10.x IPs via that Access Point, why not connect it to a new interface on your firewall directly?
Or check if your switch can acutally handle VLANs and set them up and "have fun the right way" ;) If you want network separation, that would be a good way to go.
-
@JeGr
Thanks for the info. I am going to try to configure a new interface in the FW and connect this new interface to the switch master, to interconnect with all the switches.