none
Using the same PC for two different activities in 2 different LAN RRS feed

  • Question

  • I'm trying to find the best solution to use the same computers present in PC labs for two different activities/scope that involve them to be part of two different LANs. The organisation where I am working is using two typology of computers LABs . One type is connected to the internal network (LAN) using standard software and configurations. The other type is separated from the internal LAN and configured as an isolated environment and separate network (LAN) having different software and configurations as this LABS are used for different activities such as network penetration, Static IP manipulation etc .... The purpose is to find a way for the students or users to choose (for example at the boot time) to use the same PCs for one or the other environment LAB . On the second type of LABs there are differed needed and contraindications that are limiting me to find an ideal solution, so I would like to have if possible an exchange  of opinions with experts to investigate for the best option.

    Thank you.


    • Edited by epulone Sunday, December 8, 2019 4:35 PM
    Sunday, December 8, 2019 4:20 PM

All replies

  • Hi

    What OS on the clients - Windows 7 or 10 I assume?

    Install the Hyper-V role on the clients and create VMs to run the LAB environment OS (you could create a sysprepped image for this. You then would create a NAT Virtual Switch on Hyper-V and then only allowing the ports you need to work for you to communicate with the Corporate Network if required? 

    Do a google search for "using-nat-virtual-switch-hyper-v" - you'll hit a link to an article by Aidan Finn that should bring you in the right direction (sorry, forum wont allow me to post links .... ).

    You would need to have the VLAN tagged down from your firewall/router/tor switches to make this work.

    Thanks

    Michael


    Sunday, December 8, 2019 6:55 PM
  • Thank you Michael for your suggestion.

    I am going to look at it sound really interesting. 

    About Hyper-V  I have to specify one thing. In the independent LAB we are using for several activity WM Workstation 15.5. This version of VM gave me some issues. If Hyper-V is enabled on win10 1903 VM workstation 15.5 doesn't work properly. This incompatibilities forced me to unable it.

    For specific requirement I have to run on the same machine 2 OS (I can't use VM in the VM) --> the stand-alone win 10 OS specifically designed for the independent lab (I am using sysprep+answerfile for it) and  use the other OS for the corporate one when it is required an AD login to do some specific activities. This will help to support more students for different activities using the same PC.

    In this scenario unfortunately is required an automated switch network. In fact when is required to joint the independent LAN the system has to connect to the independent switch  and instead if it is required to joint the corporate LAN the PC has to connect to the corporate switch. It could be done with a dual boot OS but how will the PC be able to connect to the right LAN at the boot of the one of the other OS?

    Below a simple schema:

     



    • Edited by epulone Sunday, December 8, 2019 10:17 PM
    Sunday, December 8, 2019 10:12 PM
  • Hi

    you should have an option in the advanced configuration of your Network Adapters to specify a VLAN. Because you are using dual boot, you'll need to specify the VLAN that you want to use in both of the dual boot OS's. It will be using the same NIC, but it "should" work (disclaimer, I've never tested a dual boot scenario but I know that you can specify a VLAN under the NIC config and it does work).

    Link here will help you and is pretty much identical to what you are trying to achieve:

    https://serverfault.com/questions/706869/how-to-run-two-different-ip-ranges-in-one-vlan

    Let me know if this helps and how it goes, good luck with it.

    Thanks

    Michael

    • Proposed as answer by Mick Durkan Tuesday, December 10, 2019 5:51 PM
    Monday, December 9, 2019 3:53 PM
  • Thank you Michael.

    It seems this is the right direction to go. I can't test it straight away as I am waiting to setup the new lab (new machines are coming next year).

    If I understand well once I find the right drivers to expand the advance property of the nic card I'll be able to create a virtual NAT setting 2 different Vlan ID per each OS. The value ID I am going to give to the nic card Vlan will tag all traffic and will be recognised by the switch (settled with the same ID) to redirect the traffic to the secondary switch that belong to the right LAN.

    Am I right?

    Wednesday, December 11, 2019 10:36 PM
  • Hi

    yes, thats correct. Depending on the size of your setup, you would normally leave the Corporate environment as untagged, and then just tag the traffic in and out of the lab environment.

    Hope all goes well with the testing, let us know if you need any further help

    Thanks

    Michael

    Thursday, December 12, 2019 10:06 AM