Practical (not theoretical) Subnetting 192.168.0.0/25

Tags: ipv4, networking, router, subnet

The Situation

I have a Netgear WGR614v7 router (wireless disabled).

Hosts in both subnets should have internet access but should not be able to ping hosts across the subnets.

I want to split my private class C network into two subnets:

  1. First Subnet:
    • Subnet Mask: 255.255.255.128
    • Subnet Address: 192.168.0.0
    • Broadcast Address: 192.168.0.127
    • Host range 192.168.0.1 – 192.168.0.126
    • Default gateway 192.168.0.1
  2. Second Subnet:
    • Subnet Mask: 255.255.255.128
    • Subnet Address: 192.168.0.128
    • Broadcast Address: 192.168.0.255
    • Host range: 192.168.0.129 – 192.168.0.254
    • Default Gateway: 192.168.0.1 (I think this is wrong?)

Router Configuration

Router configuration ("LAN IP Setup" tab on the WGR614v7 – looks a lot like this http://interface.netgear-forum.com/WGR614v6/start.htm):

LAN TCP/IP SETUP

  • IP Address: 192.168.0.1
  • IP Subnet Mask: 255.255.255.128 (Maybe I should change this on the router to /24 instead of /25 and put /25 masks on the hosts??)
  • RIP Direction: None
  • RIP Version: Disabled
  • Use Router as DHCP Server: Enabled
  • Starting IP Address: 192.168.0.50
  • Ending IP Address: 192.168.0.99
  • Address Reservation: None

The workstations

I have a workstation in the 1st network (192.168.0.51 via DHCP) which has internet access no problem.

A workstation in the 2nd network (192.168.0.129 via static IP) can't reach the internet nor can it ping the router (192.168.0.1).

The Main Question

Can you please help me find out what I'm doing wrong? I am trying to find out why I can't put that second workstation (192.168.0.129) on the second subnet and access the internet from it or ping the router.

Best Answer

I don't think you can properly do what you are trying to with your current router (unless you can upgrade it to OpenWRT or equivalent). It's also A LOT harder to do than you think - and probably can't be done through the web interface alone.

As has already been pointed out, each subnet needs to point to the router with an IP in its own netblock.

Thus on the LAN interface of the router you need to have 2 IP addresses - 192.168.0.1 and 192.168.0.254 (or, in the second case, an IP address in 192.168.0.129 - 192.168.0.254 which you are not using). In order to do this you need to bind a second IP address to the router, and it does not appear to allow you to do this.

Even if you do achieve the above, you are still only part way to your goals. If you are using DHCP, you need to have the DHCP server answer on both subnets, and provide IPs in the appropriate range for each subnet. Again, this is doable but probably not with your current router.

The question to ask though is "Why are you doing this?". Doing this does not buy you any significant security/isolation because the systems are still on the same segment, i.e. computers in one half can read and respond to broadcast traffic in the other half. The typical way of handling this problem is thus a bit more complex - and again, you need more powerful router software to pull it off. (In order to fully understand what I'm going on about here, you need to understand the difference between a subnet and a network segment - the 2 concepts go hand-in-hand, and generally 1 subnet = 1 segment, but you are describing 2 subnets on 1 segment - which is often not what you want.)

The way I have done something similar is thus - I got a router which supported OpenWRT. I configured the LAN ports on the router into different VLANs. (Most 4 port routers are interesting in as much as the 4 LAN ports are actually individually accessed, and the software makes them appear as a switch and interchangeable - but you can actually program them to be on different VLANs, and provide per-port isolation.) You then put each VLAN in a different subnet, and assign an IP address to the router interface for each subnet. You will probably need 2 switches (if you have more than 3 devices in any subnet) - you would need to use 1 of the switches for each subnet. In this way computers are in different network segments and - from a practical POV - can't talk to each other without going through the router. [That said, I can point you to articles which say don't rely on VLANs for security - although I don't agree with their conclusions.]
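The following is an added worked example, not part of the question or the answer above. It uses Python's standard `ipaddress` module to compute the two /25 halves the asker lists, and then checks, from each host's own point of view, whether a given address is on-link (inside that host's subnet). That check is exactly what decides whether a workstation can ARP for its gateway at all, which is why the second workstation (192.168.0.129/25) cannot reach 192.168.0.1 and why the answer says the router needs a second address inside 192.168.0.128/25. The addresses and masks are the ones from the post; the function names are my own.

```python
import ipaddress


def split_network(network: str, new_prefix: int) -> list:
    """Split a network into equal-sized subnets and return the usual
    subnet-table fields (network, mask, broadcast, host range)."""
    net = ipaddress.ip_network(network, strict=True)
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes network and broadcast addresses
        rows.append({
            "network": str(sub.network_address),
            "mask": str(sub.netmask),
            "prefix": sub.prefixlen,
            "broadcast": str(sub.broadcast_address),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "usable_hosts": len(hosts),
        })
    return rows


def on_link(host_ip: str, host_mask: str, target_ip: str) -> bool:
    """True if a host configured with host_ip/host_mask considers target_ip
    to be in its own subnet, i.e. something it would ARP for directly
    rather than send to its default gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    return ipaddress.ip_address(target_ip) in iface.network


def gateway_usable(host_ip: str, host_mask: str, gateway_ip: str) -> bool:
    """A default gateway is only usable if the host sees it as on-link;
    otherwise the host has no way to resolve the gateway's MAC address."""
    return on_link(host_ip, host_mask, gateway_ip)


if __name__ == "__main__":
    # The asker's split of 192.168.0.0/24 into two /25 subnets.
    for row in split_network("192.168.0.0/24", 25):
        print(f"{row['network']}/{row['prefix']}  mask {row['mask']}  "
              f"broadcast {row['broadcast']}  "
              f"hosts {row['first_host']} - {row['last_host']} "
              f"({row['usable_hosts']} usable)")

    mask25 = "255.255.255.128"
    # First workstation (DHCP, 192.168.0.51) with gateway 192.168.0.1: fine.
    print("0.51 -> gw 0.1 usable:",
          gateway_usable("192.168.0.51", mask25, "192.168.0.1"))
    # Second workstation (static, 192.168.0.129) with the same gateway:
    # the gateway is outside 192.168.0.128/25, so it is not usable.
    print("0.129 -> gw 0.1 usable:",
          gateway_usable("192.168.0.129", mask25, "192.168.0.1"))
    # An address the answer suggests binding on the router for the second
    # subnet (any unused address in 192.168.0.129 - 192.168.0.254).
    print("0.129 -> gw 0.254 usable:",
          gateway_usable("192.168.0.129", mask25, "192.168.0.254"))
    # The asker's alternative idea: router at /24, hosts at /25. The router
    # then sees 0.129 as on-link, but 0.129 still does not see 0.1 as
    # on-link, so the problem is only moved, not solved.
    print("router/24 sees 0.129 on-link:",
          on_link("192.168.0.1", "255.255.255.0", "192.168.0.129"))
```

Running it prints the two-row subnet table matching the asker's figures and then `True`, `False`, `True`, `True` for the four checks. The asymmetry in the last case is the point: on-link reachability is decided independently by each end from its own mask, so fixing the router's mask alone does not let the second workstation reach its gateway.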
