Hi All,

I sit on Network 192.168.65.0 Router is 192.168.65.1. - Vigor 2600

A small 2 man band will be joining us shortly with a Vigor 2800. Their Network is 192.168.1.0. Router being 192.168.1.1.

We have connected their router to ours with a Cat5 ethernet cable, they're in the same building but need to stay isolated.

In Lan Settings we have configured the static routes so that from each Network we can see the other network's Router.

From my PC - 192.168.65.82 I can ping their Router, and their server, and the 2 pc's on their network.

From their network they can ping our router, 192.168.65.1 but nothing else. Both routers appear to be configured like for like.

What am I missing? If indeed this is a router config error.

Regards,

Both those routers are ADSL routers. They only route between the LAN and the WAN, so any packets for addresses not on their LAN will be routed to the WAN.

You don't say exactly what you are trying to achieve.
Do both of these routers have an ADSL connection or are you trying to combine them to a single connection?

I would suggest you need to be looking at VLans - but you are likely to have to combine your IP ranges.

Sorry,

The smaller company will be sharing our ADSL connection to the outside world. But for a number of reasons they need to keep their LAN seperate from ours.

Well I think you've got 2 options really:

1. Get another router - a cable router (if you want to stick with Draytek look at the 2820 and 2930 ranges). You need to connect the WAN port of the new router into the LAN of your existing router. I would suggest giving the new router a fixed IP on your LAN on it's WAN side to make things a bit simpler.
You do have the slight disadvantage in this configuration that the LAN side of the new router will be double NAT'ed, and you are using 2 boxes instead of one, so of course there are 2 possible points of failure.

2. Use VLans to segregate the network. I think this is the preferable solution, as you only need a single router. If you have a managed switch, then use the VLan capability of the switch, as it is much more powerful than the Drayteks.
If you don't have a managed switch, then you need to effectively split the network in two, so that the router has 2 LAN cables plugged in - 1 for your company, and 1 for the smaller company. You can now change the router setup and give each connection a different VLan. e.g. make sure VLan1 is ticked for your company (and nothing else) and VLan2 is ticked for the other company (and nothing else)
This will then prevent devices on one VLan from seeing devices on the other.
You will though, have to merge the IP ranges. While each part of the network will be using the same range of IP's and they will all come from the same DHCP pool, each half of the network will be isolated from the other by the VLans, provided you make sure that each is assigned a different one.

Thank you runningdeere,

Our Backbone switch is a 24 port Dell, not Managed at the moment but it has the capabilities if I turn it on.

I think this is the route - no pun intended, I will go down.

I will keep this topic open just in case I need any further "suggestions".

Thanks for your input.

heres a good experiment for you with draytek routers and vlans.....

1. split your lan network into 2 using /25 so,

192.168.1.1-126
192.168.1.128-254

assume the draytek router is 192.168.1.1/24
with windows, assign static ip's to clients so with the above, the first subnet will be good and the second subnet will complain that the router ip isn't within it's subnet (which is right) but nonetheless work.

ping from one client on a different subnet to the other. result = no reply.... so far so good.
now lets put the port based vlans into operation. do another ping as above. result = no reply.... good again.
now change the subnet mask on a client from /25 to /24.
ping a client on the other subnet. result = reply!!!

the client on 1 vlan can talk to the other vlan! why? because instead of the request going to the switch processor, it goes to the router processor (as the other client isn't within its subnet) which in turn routes it to the other vlan'd port!