NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Bridge 2 Networks with SRX5308 Help
Hello, Here is what I am trying to accomplish. Building A - 192.168.0.x Building B - 192.168.1.x I have a ubiquiti wifi antenna that is connecting both buildings for the SOLE purpose of buil...
I got it working. Thanks to c3po2 for the guided assistance.. In a nutshell here is what i did. My brain was cramping for days with this.
The First Key, was properly setting up the VLAN's on Both Firewalls. In the SRX5308, I created VLAN20 with the IP 172.16.10.1/29 located in Building A. Building B TPLink ER605 I created VLAN20 with the IP 172.16.10.2/29. The SRX5308 VLAN, has Inter-Vlan Routing box enabled. *Note - The Ubiquiti Nano 5ac Antenna is plugged into LAN 3 on the SRX5308.. NOT the Wan port. Shown below are the settings for the VLAN (called CBBridge). As you can see also, i only have Port 3 checked off, where the Antenna is plugged into.
Next the Routing on the SRX5308 shown Below. The cavieat that i didn't figure out til i tried it, was the Gateway. I kept thinking the 172.16.10.1 IP of the Vlan on the SEX5308 was the one to use, i was incorrect. I had to use the 172.16.10.2 gateway, which is the IP of the VLAN on the TP Router in Building 2. Before i figured that out, i was able to ping things using the internal diagnostics of both firewalls, but unable to get the Lan to ping (which the routes fixed).. Here is that config.
This is the routing i setup, which is a single static route for the people at building A to get to building B's Nas drive.
On Building B's side, this is the setup. (TPLink ER605)
This is the static route i created on the TP Link so the Building A network can communicate to the Building B LAN thru what i called "UbiquitiBridge" VLAN.
As you can see, its routing all the 192.168.1.1 traffic thru 172.16.10.1 which is the gateway of the VLAN on the SRX5308 in Building A.
Now, all the machines that have mapped drives to the NAS Share at Building B are operating at full gigabit speed, and I am extremely happy.
Thanks to everyone for the help, and guidance. I hope this can help others who need to do the same thing.
*Note - while i haven't yet gone on site to make sure both DHCP servers are not in any way messing with anything, i created a ALWAYS BLOCK rule on the SRX5308 to Block UDP port 67 from the IP range of the VLAN.*
I did below experiment on two NETGEAR PR60X routers, you may be able to achieve same with your existing hardware, below is just showing how it may work in principle for your reference, you may need extra configuration to restrict access between two buildings:
Router A: LAN1, LAN2, LAN4, LAN5 untagged for VLAN1 with DHCP enabled 192.168.1.1, LAN3 untagged for VLAN10 with DHCP disabled, set static IP of 192.168.10.2
Router B: LAN1, LAN2, LAN4, LAN5 untagged for VLAN1 with DHCP enabled 192.168.2.1, LAN3 untagged for VLAN10 with DHCP enabled 192.168.10.1
I used an Ethernet cable to connect LAN3 ports together to simulate your wireless bridge.
Simplest settings to get access:
Router A: Enable inter VLAN routing, add static router for 192.168.2.0 through gateway 192.168.10.1 on VLAN10
Router B: Enable inter VLAN routing, add static router for 192.168.1.0 through gateway 192.168.10.2 on VLAN10
With above settings, Router A and B LAN can access each other, extra traffic rules are needed to block unwanted traffic.
Thanks so much i think im headed in the right direction.. I setup a config similar to this setup.. I have the Antenna of A in Lan port 3. Created VLAN 20 on The SRX5308 with the ip 172.16.10.1/29. I am now, from Building A's LAN can ping and access the management interface of the Antenna at 172.16.10.3... In the Vlan setup i have all 4 lan ports selected (on both Vlan 1 and Vlan 20), and turned on Inter-Vlan Routing on Both Vlan interfaces.. (I only had it on Vlan 20 before)..
So now it looks like the Vlan is working correctly on the netgear... when i go a trqacert to say 192.168.0.10, the first hop is correct its the srx5308 at 192.168.1.1, but then it looks like its not going to the gateway (Vlan20)'s iip at 172.12.10.1 as the second hop.. Before it was taking the second IP out to the Net, which was incorrect... So im gettin closer. I have to check the config on Building B's router- now
This is where i stand now.. So the SRX5308 seems to be working.. I can ping 172.16.10.1 and .3 (.3 is the management interfece of the antenna) and access it from chrome without having to use an IP Alias.. So intoher words the routing is working there..
Now on the other side, in building B, i created a VLAN with the IP 176.16.10.2 .. I can not ping it from building A. Oddly enough when i went into the ER605 i was able to ping everything in building A thru its disgnostic ping tests. I have both VLAN's on the ER605 set as "Normal" not Bridged.
Im thinking out loud here... So, Building B is able to see and connect to everything at building A... Im wondering if i should just swap the antennas? Maybe there is a serer/client thing with the antennas i didnt know about.. But also weird, im able to ping to anything at A on the LAN setting under the ping tester, not the VLAN Group i created.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
