How to Connect 2 Different LAN

jaabi379 · Apr 9, 2013

I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. On the Same Floor, there is another Company, with 192.168.1.1 Network with a Router and switch with 16 People. Both Company is Under One Management. Then also using different Internet.

Now planning to Purchase FOCUS ERP Software with One License to use on both Company.

How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

Please help. I can pull the Network cable from here to there.

dbgd · Apr 30, 2014

eibgrad :

If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

[192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.

Hi,
Thank you for your clear and helpful explanation.
My question is: why do we need a third (shared) router?
Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?

eibgrad · Apr 30, 2014

dbgd :

There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server. Plus, you can’t control precisely who can and can’t access which resources.

IOW, by connecting them LAN to LAN, you have, by definition, made them part of the same physical network. That’s not typically what you want. You merely want to ***route*** between the two networks. And how do you do that? Answer, you use a router!

Now that said, you have several options in how you implement that router. One is to literally get another router device. Another (and something you would most likely see in a business setting) is to create a VLAN on one of the routers, then connect those routers VLAN to LAN, add static routes, firewall rules, etc. IOW, do it in software. Either way, it’s a router. But since it’s presumptuous to assume VLAN are available, it’s just prudent to recommend a new router device since that will always work.

This is actually a very simple problem. All you’re doing is trying to find a way to get from one network to another. And you do that via routing. And a router is the mechanism/device that makes routing possible. There’s not a lick of difference in what is needed to route between two local networks and what it takes to route between your local network and the internet.

dbgd · May 1, 2014

Thank you for taking the time to explain this to me.

This is the part I was missing:

eibgrad :

Before you explained it to me I thought that each DHCP server can only respond to its own local ip scope.

Once again, thank you for your clear and helpful explanation.

dbgd · May 15, 2014

Daniu :

I've tried following these instructions step-by-step, but I think I'm missing something.

This is what I did:
[Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
Destination: 10.2.7.0
Mask: 255.255.255.0
Next Hop: 192.168.2.240
Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
Destination: 192.168.2.0
Mask: 255.255.255.0
Next Hop: 10.2.7.240

From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.

Hi,

I’m having the same problem, were you able to figure out the solution?

Thanks

Shreeyash Attal · Jul 21, 2014

eibgrad :

jaabi379 :

You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 :

Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

jaabi379 :

The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

jaabi379 :

Sorry, I don’t understand the question (or if it even is a question).

thanks for the detailed explanation.. this really helped however I have a question..

My question is why use 192.168.1.2 and 192.168.2.2 as gateways? should we not use 192.168.1.1 and 192.168.2.1 as those will be the ip addresses of the routers?

DILVAM · Jul 21, 2014

UrbanMyth :

jaabi379 :

Assume
Gateways are 192.168.1.253 and 192.168.2.253
New server on 192.168.1.252

You need a "route" between the two networks that is set up on the routers. Your routers are key, as generally only enterprise class routers support what you need:

On the ..1. network where the new server is, one port on the router need to be given a reserved IP address from the ..2. network - call it 192.168.2.251. NOTE this is a PORT on the 192.168.1.253 router. Cable this port back to the switch on the ..2. network.

On the ..2. network you then need to define a route for traffic from that network to traverse to the new server .1.252 VIA the port on the ..1. network you just set up (192.168.2.251). Depending on the router, that might need to be an entry for each client, or an overall route on a mask...

I've done this on Nortel kit connected to just about anything, and using WatchGuards. It is possible to do the routing at a point inside the router if you have a hardware proxy or firewall with added capabilities.... I believe it's also possible using small specialist routers running pfsense/iptables/monowall etc which are *way* cheaper than WatchGuards or Nortel routers

.

Good luck

noormohkam · Aug 8, 2014

If you have not bought the erp software , consider buying allrounder ERP which doesnt have a license problem , like this.
they trust the clients. so as long as you use it for your company , you need only one license. and it is cloud based 3 tier ERP.
there is a Job costing module , if your company needs to track and control Jobs

if you are interested , the following is their contact.

9895380516
Pradeep V.K

Regards
Noor M.K

6707099936 · Sep 29, 2014

I know it's way to late in the game, but the whole "subnetting" 192.168.1.x and 192.168.2.x as two seperate "C" class networks isn't required with CIDR (Classless interdomain routing designed to pump life into IPv4) so feel free to run 192.0.0.1 all the way upto 192.255.255.254

And it's as legit to split a 10.0.0.1 to 10.0.0.255 class "C" if you want. As for frills and perks to having 2 seperate DHCP servers there MAY be. Just make sure the "scope" (techie term for assigned overlap) doesn't conflict. Many Higher featured "A and C/N" routers have "guest" networks which is a godsend if you take the time to set it up secure. Think of overlapping layers of securtiy. First you need that Crummy WEP only Verizon terd they handed off to you, which cant dreram about security let alone accomplish that. So start with the weakest OUT. Another pet gripe is damn kids and their "have-to-have-UPnP" so they can play (So malware has the freedom to port forward whatever/whenever////) but don't give up hope. Lock each progressive layer down tighter with strict rules (No auto PortForward, No keeping the use of root logons or standard port "22" anyway and that's pretty much the ONLY port you need so port knocking could diguese it by allowing a time window for a sucessful logon. Any other port can be tunneled over SSH and should be anyway. And in my insanity and unwillingness to accept I was CLEAN HACKED for following all this I should have created keypairs and not used passwords. That was my downfall... I don't give a rats ass as of now as I have already lost my job over the CIA putting biochemo-nanotechnology into my body (It's a Old Nazi Mind control thing with Dr Olsen jumpin out a window in the 60's plus a real eye opener in what IS possible NOW. (Off topic but Samsung G5, toss it in the trash along with TV, edcucation, "NO KID LEFT BEHIND") so they at least gave a me a laugh about the "Flash Player Update which running linux got the joke...)" and as I was typing in the dark they substituted my backspace key or a ")" so yeah..... the hard locked (well a solf-brick Netgear WNDR4300) Ohh... BTW always make straight through cables BUT be carefull as they're many different color organazations and all seem legit so if you start the job should finish it. Can also go for nonstandard subnetting like 192.128.0.0 subnet 255/128/0/0 to 192.255.255.254 subnet 255/128/255/255. RFC's should be gone back over and well... Clarified!

kikoman69 · Dec 7, 2014

I have the same issue,

I'm trying to connect lan of other company to ours in same floor.. the thing is i only want them to access 1 folder and nothing else. and same goes to them. is that possible?

Alabalcho · Dec 8, 2014

kikoman69 :

Please do not hijack a thread year-and-half old!

What you will be sharing on that folder? Files? Databases?
Have you considered something like Dropbox?

kikoman69 · Dec 8, 2014

Alabalcho :

Well, big files. minimum of 10 - 20gb per file. the thing is i only need to view certain files so instead of going all the way to their office and burrow a computer to view a file, I could just open it here via network then send them a message regarding my opinion on whatever the file is about.

but the thing is like i said i dont want them to access another file on my server and also my internet. is that possible?

Alabalcho · Dec 8, 2014

If you are just going to "view" the file, may be remote-desktop solution will be better idea. Moving 20gb file, even on fast network, will take some time.

Marco_ar · Jan 14, 2015

eibgrad :

Hi "Eibgrad" and folks.

I’ll start asking for excuses about my poor english. I’m a Brazilian guy and I don’t use to write or talk in english often. So, if I made mistakes, please forgive me.

I’m client of an ISP/IPTV provider that impose me to use a router (they lend this router to the clients) but this is not enough for my needs – specially because the Wireless Radio poor coverage. This “imposing” occurs because this D'Link (DMG-6661) personalized router have some configuring features which are not usual in a ordinary domestic router – like vLan’s setup, etc.

So, I used the "PPPoE PassThrough" to by pass the authentication to another router that I bought and – this way - my LAN needs were satisfied.

But, on the IPTV side, I have lost some features from the set top box that uses Internet traffic.

My present setup is:

a-) Company’s router have a Class C LAN configured at 192.168.1.x range with DHCP on 192.168.1.200 to 254 for itself because the 3 set top boxes.

b-) my own router does the PPPoE authentication and its LAN is configured on the 192.168.0.X range --- managing about 12/15 devices/clientes (eg laptops, smartphones, Smart Tv’s, etc...).

What I’m needing now?

Transfer to Company’s Router (192.168.1.1) – from my own router - the WAN connection, recovering those interactive features that I lost.

I’m not networking experienced and all my last tries failed.

Reading this topic I guessed if "Eibgrad" solution could work for me? But I’m preferring to ask before spent more money buying the “shared router" to get no sucess.

If any ideas / advices ... I’ll be grateful

Thanks in advance.

eibgrad · Jan 14, 2015

Marco_ar :

This is a very different problem from the OP. And it deserves its own thread. But I’ll make an attempt.

What you have from the ISP is a special modem+router that supports VLANs. The ISP requires that certain services have their own unique public IP (e.g., IPTV) separate from your other internet services (browsing, email, etc.). And that’s done by tagging the traffic so that your modem+router can distinguish one type of traffic from another, then direct that traffic out the apppropiate VLAN and associate port(s).

But now you’ve decided to reconfigure the ISP’s modem+router into only a modem (i.e., bridge mode) and now YOU have to take responsibility for dealing w/ that tagged VLAN traffic. But that assumes a) you have a VLAN capable router and b) you know how to configure VLANs and tagging. That may be more than you’re currently capable of both in terms of hardware and skills.

That’s why it’s probably better that you DON’T bridge the ISP’s modem+router, and instead just connect your new router to the LAN port(s) designated for general purposes, and connect the other port(s) to their specific services (e.g., IPTV). Not unless you can give me a very specific reason this doesn’t work for you. Because setting up VLANs and tagging is a complex process.

Marco_ar · Jan 15, 2015

Edited

Marco_ar · Jan 15, 2015

eibgrad :

Hi "Eibgrad"

Thanks for replying.

You’re complete right when you said to open new thread and I already did it.

You’re complete right again when say that I have not enough networking skills to deal with vLans. And that’s because I’m looking for some help.

And I guess I also wasn’t clear enough to clarify the situation.

Like I already told to “provider” clients support, - nobody must be an Electrician Engineer to be able to have a refrigerator at home. But I cannot be obliged to accept a “free refrigerator” that doesn’t make me “ice”!!!

The Provider installed a Fiber Optic Modem that connects to their custom DLink DMG-6661. This router, like I said, offers some unusual features – like vLans tagging, Coaxial HPNA support to set top boxes signals), etc.

But it’s unable to:

- wireless stream 2 (or more) simultaneous HD videos;
- using LAN to LAN the wireless doesn’t transfer anything more than 50mbps – slower than downloading from internet (100mbps my link). Backing up is a pain in the ….
- 5Ghz radio doesn’t connects anything far from more than 10 feet and 2,4Ghz coverage is a (bad) joke.

I tried to use the HPNA cabling + Range Extenders but the bandwith was not enough to WAN and IPTV demands. IPTV signal freezes.

That’s why I bypassed PPPoE authentication transferring WAN (vLAN 10 tagged through DMG-6661 gigabit switch) traffic to another (and better) router. I bought a D Link DIR-850L for compatibility which is sold to 200m² (667 ft²) coverage, AC1200 mbps with free cloud services and others cosmetics.

But, these cloud services depends on DIR-850L being directly connected to the WAN. If bridging - cloud services doesn't works. Double NAT issues (I guess).

This is my specific reason to not bridging.

So, my networking needs was totaly satisfied with.

But, the interactive features from the set top boxes were lost. It needs WAN traffic that DMG-6661 are not doing anymore.

Finally, I’m trying to get a way to send WAN traffic from DIR-850L to DMG-6661.

- I connected both using LAN to LAN ports and both networks (192.168.1.x and 192.168.0.x) dropped.
- I connected a third router (DLink DIR-524) creating another LAN (192.168.2.x) from the DIR-850L - LAN to WAN ports - and to DMG-6661 using LAN to LAN ports. Nothing again. LAN 192.168.0.x (DIR-850L doesn’t dropped). LAN 192.168.1.X (DMG-6661 also doesn’t dropped). But no WAN on DMG-6661.

Now I’m guessing about “advanced routing rules” to solve this question. But I don’t know how to.

I guess I’m close to deal with this issue but DLink and “Telefonica Brasil” doesn’t offer quality technician support.

Am I wrong thinking “static routing” could solve if using this “third (shared) router”???

Juan Dela Cruz · Jun 12, 2015

jaabi379 :

Your Problem is simple. If you can pull LAN cable between the two networks, just have a switch hub and only one router that provides DHCP (say the 192.168.1.1 router gate way only that provides 192.168.1.2 to 192.168.1.250 IP addresses) with fast internet on that router. Computer stations + Servers not yet exceeded 250 right? You can do this.

Maddy07 · Jun 29, 2015

eibgrad :

dbgd :

There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server. Plus, you can’t control precisely who can and can’t access which resources.

IOW, by connecting them LAN to LAN, you have, by definition, made them part of the same physical network. That’s not typically what you want. You merely want to ***route*** between the two networks. And how do you do that? Answer, you use a router!

Now that said, you have several options in how you implement that router. One is to literally get another router device. Another (and something you would most likely see in a business setting) is to create a VLAN on one of the routers, then connect those routers VLAN to LAN, add static routes, firewall rules, etc. IOW, do it in software. Either way, it’s a router. But since it’s presumptuous to assume VLAN are available, it’s just prudent to recommend a new router device since that will always work.

This is actually a very simple problem. All you’re doing is trying to find a way to get from one network to another. And you do that via routing. And a router is the mechanism/device that makes routing possible. There’s not a lick of difference in what is needed to route between two local networks and what it takes to route between your local network and the internet.

Your explanation is very very helpful thanks for that
my question though is if I want to go about it using software i.e creating a VLAN and then connecting it to the LAN
The scenario Im dealing with is that the two networks that I have to connect are in two different buildings a mile apart.
so how do I connect the VLAN to the LAN in my case

usernamemanresu · Jan 29, 2016

6707099936 :

I know it's way to late in the game, but the whole "subnetting" 192.168.1.x and 192.168.2.x as two seperate "C" class networks isn't required with CIDR (Classless interdomain routing designed to pump life into IPv4) so feel free to run 192.0.0.1 all the way upto 192.255.255.254

And it's as legit to split a 10.0.0.1 to 10.0.0.255 class "C" if you want. As for frills and perks to having 2 seperate DHCP servers there MAY be. Just make sure the "scope" (techie term for assigned overlap) doesn't conflict. Many Higher featured "A and C/N" routers have "guest" networks which is a godsend if you take the time to set it up secure. Think of overlapping layers of securtiy. First you need that Crummy WEP only Verizon terd they handed off to you, which cant dreram about security let alone accomplish that. So start with the weakest OUT. Another pet gripe is damn kids and their "have-to-have-UPnP" so they can play (So malware has the freedom to port forward whatever/whenever////) but don't give up hope. Lock each progressive layer down tighter with strict rules (No auto PortForward, No keeping the use of root logons or standard port "22" anyway and that's pretty much the ONLY port you need so port knocking could diguese it by allowing a time window for a sucessful logon. Any other port can be tunneled over SSH and should be anyway. And in my insanity and unwillingness to accept I was CLEAN HACKED for following all this I should have created keypairs and not used passwords. That was my downfall... I don't give a rats ass as of now as I have already lost my job over the CIA putting biochemo-nanotechnology into my body (It's a Old Nazi Mind control thing with Dr Olsen jumpin out a window in the 60's plus a real eye opener in what IS possible NOW. (Off topic but Samsung G5, toss it in the trash along with TV, edcucation, "NO KID LEFT BEHIND") so they at least gave a me a laugh about the "Flash Player Update which running linux got the joke...)" and as I was typing in the dark they substituted my backspace key or a ")" so yeah..... the hard locked (well a solf-brick Netgear WNDR4300) Ohh... BTW always make straight through cables BUT be carefull as they're many different color organazations and all seem legit so if you start the job should finish it. Can also go for nonstandard subnetting like 192.128.0.0 subnet 255/128/0/0 to 192.255.255.254 subnet 255/128/255/255. RFC's should be gone back over and well... Clarified!

subnet 255.128.255.255 ?

I need some of what you're on...

How to Connect 2 Different LAN

Honorable

Reputable

Splendid

Reputable

Reputable

Reputable

Reputable

Reputable

Reputable

Reputable

Titan

Reputable

Titan

Reputable

Splendid

Reputable

Reputable

Reputable

Reputable

Reputable

Share this page