Subdividing a network while sharing an internet connection ?

Here's my problem: I've been asked to reorganize a network in order to reduce cost but I've to do it on a shoestring (it's for a non-profit thing)

Currently, they have three distinct ADSL lines for three groups of computers: 1/ a public computer room, 2/ the administration office and 3/ the staff's rooms. They want to do away with the redudant ADSL lines and keep only one. But they insist that the three computer groups should not be able to see one another.

The wiring is a mess but mostly in place. I've also three integrated modem/router (linksys WAG354G) and a ton of hubs.

If anyone had any pointers on how to do this in the cheapest possible way, I'd be very grateful.

 

I think you can achieve what you describe with NAT, configuring one port for each group of computer(meaning subnetworks), that way all the groups could reach Internet and remain in their own separated network.
However I have no idea if it can be done with the router you have.

 

Get Cisco switch and implement VLAN and private VLAN. That is all you need to do. You also need to configure static route for the internet connection.

 

Cisco switch are way too pricey in this case

I'm gonna try a wag354 configured as modem only, followed by wrt54gl flashed with dd-wrt.

Some hours of googling finally brought this up: DD-WRT - Setting up a separate / isolated VLAN on Port 4 with DHCP

Does it seem a viable option ?

 

Depending on who's router and/or switch that you have, it may already support vlans. A cheap way if all 3 groups are on their own switch, using a router on the front end could work. My netgear router supports vlans, as well as reserved IP's, static routes, among other options.

dd-wrt firmware is good if your router supports it.

 

VLAN.

If I remember correctly, OpenWrt does support vlan so DD-WRT should too.

edit:
the above recommendation of 3 different switches may be simpler and cheaper.

 

You can use another switch. It doesn't have to be Cisco, but your keyword is VLAN. That is the only thing that can help you accomplish what you want.

 

VLAN it is then... I don't think I can do it much cheaper than with the flashed wrt54gl. It's about 55€ new, no switch with vlan support is as cheap.

Thanks a lot everyone, I'll post my success or failure

 

any way you do this, you're probably going to have to spend money in order to set the company up to save money.

Depending on the cost of your multiple adsl lines, what kind of new hardware you might have to buy, and the amount of hours needed to get the new setup running and fully segmented/isolated/protected, the 'payback' for this could be years. Many years.

De sure to do this analysis BEFORE you commit to any action.

 

Actually, I did that analysis.

The two ADSL lines are 40€ and 25€ per month (the one they keep is more expensive).

The wrt54gl is 55€.
The hours of work are taken out of my free time; I'm no professionnal (I wouldn't ask otherwise). I expect to spend a week-end on this. It'll cost them a pair of meals.
I might need some meters of CAT5 to tidy up the network layout.

Unless I'm missing something, the investment would be recovered in a pair of months.

Here's a schema of what I've in mind:

 

I would get rid of the hub and combine one DSL line. I don't know how you are going to route the the traffice between VLAN with the equipment you have. If I were you, I would just buy one gigabit manage switch and plug everyone into that switch. You just segment the user by VLAN/subnet, and you have one static route to your DSL.

This is just me. I hope it would help.

 

I think the hub is a way to 'save money'

The WRT router should be able to support VLAN but there is only 4 LAN port there(usually). By using some very cheap/free hubs(basically using its uplink/downlink support), he can aggregate more machine into the same WRT router. In other words, the hub is as dumb as it can be, just using its ports to relay to the WRT router.

Of course, as you said a slightly more expensive smarter switch may be easier but being an non profit organization, funding can be a concern.

EDIT:
BTW, if the WRT has problem, you can always find a used PC(donated, unloved etc.) and put 2 NIC into it and run linux to serve as the router. May actually be easier and faster too. Power consumption is a slight concern though.

 

I'm affraid you've lost me.

If I understand what you suggest, you'd use the wag354 as modem and router and follow it by a manageable switch to set up the VLANs ?

What is the difference with a setup using the wag354 as modem and the wrt54gl as router and manageable switch to set up the VLANs ? The wrt54gl (once using dd-wrt or open-wrt) is just a router + a manageable 4-ports switch in one box (well, plus a wireless section but it'll be disabled in the end).

The only difference is that the wrt54gl is 55€. The cheapest manageable switch with VLANs I can find is like twice as much.

edit : message written while chimpazee was answering

 

I just look at your chart. It looks fine, and I assume that the router can assign multiple scopes of IP subnet. I also assume that you are using class C 192.168.x.x. With just few clients you have, I don't know why you need VLAN?

Just put them on the same subnet should be more than fine. It isn't like you are going to have cross-talk between port on the switch. Of course, it will happend when you use hub.

 

yup, manually sub-divide them into different class C based on MAC is another option too.

 

The chart is a simplified one. There's a total of about 25 computers, plus laptops from visitors connecting in rooms and in the public computer room.

 

I would add one thing, loose the hubs. Any place you see a hub use a switch. Hubs will kill any performance since the traffic is broadcasted through all ports. With switches if users are sharing files it will not need to go all the way back to the router for routing.

 

You're right. Unmanaged switches are pretty cheap those days anyway.