Currently, my modem connects to the WAN port on the Nighthawk R7800 router. The Nighthawk, TP-Link, and Raspberry Pi are all connected to the Netgear GS105E switch.
What I want to do:
I would like to set up two subnets:
Nighthawk: 192.168.1.0/24
TP-Link: 192.168.0.0/24
Both subnets should be able to access the internet, but they need not be aware of each other. This is especially true of the TP-Link (192.168.0.0/24) subnet, as it is meant for penetration testing and is, therefore, relatively insecure.
I then want to set up the GS105E switch so that all traffic from both subnets (say, ports 1 & 2) is mirrored to port 5, where the Raspberry Pi will be connected and acting as an IDS/packet sniffer.
Is this possible? If so, how?
Some further details:
In the current configuration, devices connecting to the Nighthawk router seem to get assigned random IP addresses from both the 192.168.1.0/24 and 192.168.0.0/24 subnets. I assume this is because both the Nighthawk and TP-Link routers are set up to provide DHCP service. But, since the Nighthawk is the gateway router, if a device is assigned an IP in the 192.168.0.0/24 subnet, it can't access the internet. Are VLANs somehow the answer to this?
In the current configuration, devices connecting to the Nighthawk router seem to get assigned random IP addresses from both the 192.168.1.0/24 and 192.168.0.0/24 subnets. I assume this is because both the Nighthawk and TP-Link routers are set up to provide DHCP service.
Not only - key cause is that you have connected both routers LAN ports to the very same broadcast domain, the same physical and logical network. But either way, both default gateways would be reachable.
Unclear what other usage you intend for the switch - as long as you connect it only to one of the TP link switch LAN port plus the IPS device on the mirror port, nothing will be mixed up.
Of course, you can configure an additional VLAN and have two or three designated ports on the other VLAN - unclear what you would like to achieve.
Last but not least - you still use the "outer" network and IP sub-net as a pass-through network.
I then want to set up the GS105E switch so that all traffic from both subnets (say, ports 1 & 2) is mirrored to port 5, where the Raspberry Pi will be connected and acting as an IDS/packet sniffer.
For this you need two VLANs of course. Two untagged ports on one VLAN each, plus the monitor port.
Be awere the switch will only see traffic passing it (plus broadacst and the like), so both VLAN and subnet data streams must flow through the switch.
At this point I don't know if the switch allows to have multiple ports mirrored, like one from each VLAN. If this is possible (I doubt), be aware that depending on the amount if bandwidth used (to times GbE) up to hald of the traffic can't reach the mirror port.
In the current configuration, devices connecting to the Nighthawk router seem to get assigned random IP addresses from both the 192.168.1.0/24 and 192.168.0.0/24 subnets. I assume this is because both the Nighthawk and TP-Link routers are set up to provide DHCP service.
Not only - key cause is that you have connected both routers LAN ports to the very same broadcast domain, the same physical and logical network. But either way, both default gateways would be reachable.
Unclear what other usage you intend for the switch - as long as you connect it only to one of the TP link switch LAN port plus the IPS device on the mirror port, nothing will be mixed up.
I had both the Nighthawk and TP-Link routers connected to the switch via LAN ports, with no VLANs set up. In that configuration, devices connecting to either router would get a random IP address from either subnet. If the IP was in the 192.168.0.0/24 range, the device could not connect to the internet.
So I set up two VLANs:
VLAN1: Ports 3, 4, 5
VLAN2: Port 2
ALL: Port 1
I connected the Nighthawk to port 1 via a LAN port, and the IPS device to port 5. Ports 3 and 4 are empty. The TP-Link was then connected to port 2 via a LAN port. In this configuration, IP addresses didn't get mixed up, but devices connecting to the TP-Link router couldn't access the internet. So I tried connecting the TP-Link router's WAN port to the switch. Now devices connecting to the TP-Link can also access the internet and there's still no mixing of IP addresses.
Be awere the switch will only see traffic passing it (plus broadacst and the like), so both VLAN and subnet data streams must flow through the switch.
At this point I don't know if the switch allows to have multiple ports mirrored, like one from each VLAN. If this is possible (I doubt), be aware that depending on the amount if bandwidth used (to times GbE) up to hald of the traffic can't reach the mirror port.
I have ports 1, 2, 3, and 4 mirrored to port 5, and it appears to be working. Of course, any non-broadcast traffic going directly through the Nighthawk router is not captured, but that's a separate issue. As far as I can tell, the Nighthawk firmware doesn't allow for port mirroring, so I'll probably have to flash DD-WRT, or the like, to make that happen.
