DrayTek Vigor 2960 Multi tenant setup using private and public IP addresses on LAN
This week in the lab we are going to set up a DrayTek Vigor 2960 for a small multi-tenant office. Each office will have its own subnet, with DHCP provided by our 2960. Each tenant will have the option of using public IP addresses on their own equipment on their LAN.
In our lab we have a suitable internet connection to support several users and a single DrayTek Vigor 2960 router. In our building network we are subletting three offices, each with its own subnet. Port 1 on the 2960 will patch into the room for tenant 1, port 2 into the room for tenant 2, and so on.
In our lab, tenant 2 wants a dedicated public IP for all of their traffic and a second public IP which they wish to assign to a router inside their network.
Review the network in more detail in this diagram.
To successfully implement this network we need to perform the following steps:
- Configure WAN IPs
- Set up VLANs
- Configure Proxy ARP
- Configure Policy Route Rule
- Configure LANs
- Configure NAT Rules
- Assign Public IP to LAN
Configure WAN IPs
OK, let's start by configuring the WAN 1 interface. Click:
WAN -> General Setup -> Select 1 -> Edit
Configure the required WAN IP, subnet, gateway and DNS servers. Since Tenant 2 requires their own dedicated public IP address, we will assign them 37.152.50.156; for now, configure that address as an IP Alias.
Tenant 2 also requires the use of a public IP address on their LAN network. To enable this we need to add one of our public IPs (it can be any address in your public IP range which is not in use) as a routing subnet. Click Add, enter 37.152.50.155 and configure the mode as ROUTING.
Set up VLANs
Each LAN needs to be set up with its own VLAN ID. Go to LAN->Switch->Add and set up each port as shown, giving each its own VLAN ID.
Each VLAN ID will have its port number selected as a member and untagged. Below we configure VLAN 10; repeat for each port as required. VLAN 11 will have Port 2 selected as a member and untagged, and so on for each port.
Configure Proxy ARP
Since we are using public IP addresses on the LAN side we need to configure a proxy ARP rule.
Routing->Static Route->Add
When adding the Proxy ARP rule, specify the LAN profile which requires the use of public IP addresses and specify the IP we used earlier on the WAN as a routing IP. If other tenants require the use of public IPs on their LAN, you can configure multiple rules using the same routing IP but with a different LAN profile.
Configure Policy Route Rule
Tenant 2 has requested their own public IP so we need a rule to route their traffic out via their own IP. Here we configure a policy routing rule.
Routing->Policy Route->Add
Specify the source network, which in this case is 192.168.1.0 for tenant 2. Select ‘Use IP Alias’ and specify the address we have assigned them: 37.152.50.156.
Configure LANs
Now let's finally configure the LANs.
LAN->General Setup->Add
Nothing too special here: we configure our subnet and DHCP options for LAN 1.
Here we configure our subnet and DHCP options for LAN 2.
Here we configure our subnet and DHCP options for LAN 3.
Configure NAT Rules
If any of our tenants require NAT rules on the firewall, we can configure them all from the DrayTek. Here we configure a rule for LAN2 opening port 3389 from their own public IP to a host on their LAN.
Assign Public IP to LAN
The last thing to do now is to hand over the public IP details to our tenant on LAN 2.
We will choose a free public IP from our range, so let's use 37.152.50.157. They must configure the gateway as the IP we specified as the routing IP earlier while configuring the WAN interface, which was 37.152.50.155.
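Before entering the values from the steps above into the router, the address plan can be checked for collisions. The following is an added example, not part of the original walkthrough and not DrayTek tooling: it checks that each tenant has its own VLAN and port, that LAN subnets do not overlap, and that every public address is used once and matches the routing IP where required. The WAN prefix, the /24 masks, the LAN 1 and LAN 3 subnets, and the VLAN 12 / port 3 pairing are assumptions, since the page does not state them.

```python
import ipaddress
from itertools import combinations

# Address plan from the walkthrough; values marked "assumed" are not on the page.
PLAN = {
    "wan_block": "37.152.50.152/29",  # assumed: the WAN prefix is never stated
    "routing_ip": "37.152.50.155",    # WAN routing-subnet IP (mode ROUTING)
    "tenants": [
        {"name": "tenant1", "vlan": 10, "port": 1, "lan": "192.168.0.0/24"},  # LAN assumed
        {"name": "tenant2", "vlan": 11, "port": 2, "lan": "192.168.1.0/24",   # /24 assumed
         "alias_ip": "37.152.50.156",       # policy-route IP alias
         "lan_public_ip": "37.152.50.157",  # address handed to the tenant's router
         "lan_public_gw": "37.152.50.155"},
        {"name": "tenant3", "vlan": 12, "port": 3, "lan": "192.168.2.0/24"},  # assumed
    ],
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    wan = ipaddress.ip_network(plan["wan_block"])
    routing_ip = ipaddress.ip_address(plan["routing_ip"])
    tenants = plan["tenants"]
    # Isolation: every tenant needs its own VLAN ID and its own switch port.
    for key in ("vlan", "port"):
        values = [t[key] for t in tenants]
        if len(values) != len(set(values)):
            problems.append(f"duplicate {key} across tenants: {values}")
    # Private LAN subnets must not overlap, or routing between them is ambiguous.
    for a, b in combinations(tenants, 2):
        if ipaddress.ip_network(a["lan"]).overlaps(ipaddress.ip_network(b["lan"])):
            problems.append(f"{a['name']} and {b['name']} LAN subnets overlap")
    # Each public address must be a usable host in the WAN block and used once.
    used, public = {}, [("routing_ip", routing_ip)]
    for t in tenants:
        public += [(f"{t['name']}.{f}", ipaddress.ip_address(t[f]))
                   for f in ("alias_ip", "lan_public_ip") if f in t]
        # A tenant using a public IP on its LAN must point at the routing IP.
        gw = t.get("lan_public_gw")
        if gw and ipaddress.ip_address(gw) != routing_ip:
            problems.append(f"{t['name']} gateway {gw} is not the routing IP")
    for label, ip in public:
        if ip not in wan or ip in (wan.network_address, wan.broadcast_address):
            problems.append(f"{label} {ip} is not a usable host in {wan}")
        if ip in used:
            problems.append(f"{label} {ip} already used by {used[ip]}")
        used.setdefault(ip, label)
    return problems

print(check_plan(PLAN) or "plan is consistent")
```

Replace the assumed entries with the real WAN prefix and LAN subnets before relying on the result.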
Summary
The DrayTek Vigor 2960 offers some powerful features for small and medium businesses. In our lab we set up a small multi-tenant building using a single device servicing multiple tenants, and even used public IP addresses on the LAN.
21st October 2020
Hi,
I tried this and I set up lan2
lan2 public IP can ping 8.8.8.8
but can’t ping public IP from outside
DrayTek Vigor 2960 can ping public IP from lan2
inside lan1 and lan2 can ping public IP
I don’t know why,
can you help me
Thanks