How to build up a multi-nets network using the Multi-nets NAT feature on TP-LINK router with a L3 switch?

Sometimes we may need to divide an internal network into several subnets that can share the same gateway router for Internet connection. However, by default settings, TP-LINK router abandons packets whose source IP addresses are in different subnets from its LAN IP segment. So in order to achieve this, the gateway router is required to be able to translate (NAT) and deliver packets from LAN, but whose source IP addresses are in different subnets from LAN IP segment. Multi-nets NAT is the feature on TP-LINK router that makes this possible. But in order to divide an internal network into several subnets, we also need to use a L3 devices like a “traditional router”.
Here’s an example of how to build up a multi-nets network using the Multi-nets NAT feature on TP-LINK router with a L3 switch.
1.      Scenario

A company has three departments in a building, Marketing, Finance and Personnel. The requirements are as followings:
1) Each department is assigned to an individual subnet.
2) All the departments should be able to communicate with each other.
3) All the departments access Internet via the same gateway router.

2.      Network planning and topology:

1) Network address of each department:
Department
Network address
Marketing
172.16.10.0/24
Finance
172.16.20.0/24
Personnel
172.16.30.0/24
2)Topology:
In this scenario, TL-ER6120 acts as the Internet gateway router andT3700G-28TQ acts as the L3 switch.


3.      Configurations on the gateway router:

Step 1
Add a Multi-nets NAT entry for Marketing, Finance and Personnel respectively:
Step 2
Add a Static Route entry respectively for Marketing, Finance and Personnel:
Static route is necessary in order for the gateway router TL-ER6120 to know where to deliver the packets to IP addresses in different subnets (172.16.10.0/24, 172.16.20.0/24 and 172.16.30.0/24).
So far, we have finished the configuration on TP-LINK router TL-ER6120.Next We will continue the set up on the L3 switch T3700G-28TQ.

4.    Configurations on the L3 switch T3700G-28TQ:

According to the topology,4 subnets should be divided on T3700G-28TQ:
the system vlan1(subnet:192.168.0.0/24,vlan interface 192.168.0.11);
create vlan2 for Marketing(172.16.10.0/24,vlan interface 172.16.10.1);
vlan3 for Finance  (172.16.20.0/24,vlan interface 172.16.20.1);
vlan4 for Personnel(172.16.30.0/24),vlan interface 172.16.20.1;
Step 1
Since vlan1 is the default vlan, we only need to change the interface IP for vlan1 as 192.168.0.11.
Step 2
Create “802.1Q VLAN” for vlan2 for Marketing,vlan3 for Finance and vlan4 for Personnel, select the member ports. The port “link type” should be “Access”.
Step 3
Set the interface IP for vlan2,vlan3 and vlan4.
Step 4
Go to static routing and add the default route entry. Default route entry is indispensable, because IP packets to Internet whose destination IP is not in the direct routing table will be forwarded according to default route entry.

Do not forget to save the configuration!
With the topology and all the settings above, the three departments in different subnets can communicate with each other through the T3700G-28TQ and access the Internet via the gateway router TL-ER6120.


Comments

Post a Comment

Popular posts from this blog

DMASOFTLAB RADIUS MANAGER BILLING SYSTEM v 4.1 Finally Released

Image
DMASOFTLAB RADIUS MANAGER BILLING SYSTEM v 4.1 Finally Released  Filed under: Radius Manager — Tags: dmasoftlab radius manager new version , radius manager 4.1 — Waseem Anjum Meo @ 10:47 AM             5 Votes Finally DMA has released its new version for Radius Manager Billing System. Complete info can be found here. http://www.dmasoftlab.com/cont/revision   *** v 4.1.0 *** 2013-10-23 *** NEW FEATURES: ↓ -enhanced SMTP mailer with authentication and freely configurable port -SMS alert indicating the account is going to expire ** This was most DEMANDED   , Jz -support for BulkSMS HTTP->SMS gateway ** This was most DEMANDED   , Jz -alert type is selectable in user preferences (ACP / UCP) ** This was most DEMANDED   , Jz -enable traffic report per user in ACP even if global traffic report is disabled -service change is allowed for Hotspot MAC accounts -auto logout expired ACP sessions -FreeRadius 2.2.0 support -DOCSIS u
Read more

How To Configure Nano Station M2 As Access point

Image
Web Configuration Now that the hardware has been completely installed, it's time to configure the Bullet to act as a WiFi Access Point. Configuration is performed using your web browser by typing in  https://192.168.1.20 . You'll get a warning pop up stating that the device has presented an invalid SSL certificate due to the certificate being self-signed and not issued by a CA. This is normal so just hit accept/continue. You'll then need to log in with the default username and password of "ubnt". Configure the Wireless tab The first step is to configure the Wireless tab so the Bullet acts as a WiFi Access Point. Change the settings according to the below picture. Be sure to set the device up with WPA2 security and an appropriate WiFi password here. You can also use this tab to adjust the power output should you wish to cover a smaller area. The default channel bandwidth is 40MHz, but some older devices such as wireless printers and mobile phones cannot o
Read more