Hi,
I have in the same office location a one device that needs to be separated from all others as I don't trust or manage it, being a 3rd party.
In summary I have the 2820vn in the main server room with a network cable run to a 2nd server room.\Server room 1 has multiple server connected via the 3 network ports. The 4th network port has a switch connected to it, the switch has again servers and this 3rd party device. I would like to know if there is a way of allowing all servers to have internet access via NAT and the 3rd party device too via NAT but ensure the 3rd party device can not be seen or more importantly can not see any of my devices except have internet access. PS I can not go down the route of installing software so any solution using the existing hardware or additional cheap hardware is preferred.

I was wondering if the 2nd dhcp server could be used i.e. different IP range?

Appreciate any help and advice.

You can do that but not using additional subnets - this 3rd party device would be on the same local subnet but totally unable to access other devices on that subnet other than the gateway.
To do that, just set up VLAN under the LAN menu and enable that, put the first 3 ports and wireless into VLAN0 and this un-trusted device (port 4) into VLAN1.
That should then work like you've described you want it to with the exception of having it on a separate subnet.
The 2nd subnet isn't used for an additional local subnet, that's for routing public IP addresses on to the LAN without using NAT, and setting it up for internal networks will break internet access for them.

The 2830 can do additional subnets using DHCP (up to 4).

Hi Voodle,
Thank you. Yep figured that re vlans, think I forgot to say that port 4 goes to a switch which is shared by the 3rd party device and trusted servers. Just looked at the 2830 and it sounds like it will do the trick using ip's and vlans.

dh4rm3sh wrote: Hi Voodle,
Thank you. Yep figured that re vlans, think I forgot to say that port 4 goes to a switch which is shared by the 3rd party device and trusted servers. Just looked at the 2830 and it sounds like it will do the trick using ip's and vlans.

As Voodle said, the kit you have already will do it.
You just need to unplug one of the servers from the 2820 and plug it into the switch, then plug your third party device into the 2820, and set up the VLans as Voodle said.
Done in 5 minutes - no expense!

(In fact I would plug all your servers into the switch(es), and only plug switches and the third party device into the router as it keeps things neater - but that's just me.)

I can't do that as it means running a second cable run from the router to the switch.
Currently the router is in server room1 with 1 cable run to server room2
Server room2 has the switch, servers and the 3rd party device.
I believe I have two options:
a) run a second ethernet from server room1 to server room2
b) swap out the 2820 for the 2830 and use vlans based on IP address

I think a diagram would have been easier to illustrate the topology, but no time

If you have a large network, for which DD-WRT is not a suitable core router you will probably want to have wireless clients be a part of the larger network. In this case, clients would get DHCP configuration from some other DHCP server, and could be accessed by other clients on the network.
_____________________
magento developers