I have 10mb bandwidth I want to share between various customers. I have been able to "traffic shape" my switch ports to ensure the connected customer only receives their allocated bandwidth. I have also split up my public IP range on my router with static routes pointing to the customer routers/firewalls. However, the problem is that my router "inside" connection is in the same subnet as all the customer devices and they all connect into my VLAN 1 on my switch. I have tried using a "trunk" from switch to router with sub Interfaces but the router sub interfaces would all be in the same subnet, so this is not allowed. is there any way to keep the customers from being able to PING or attack other IP addresses on the same subnet as my VLAN 1 ? Public address allocation: 43.43.1.0 / 26 giving me: 43.43.1.1 to
43.43.1.62. I have configured the router as 43.43.1.1 / 28 and used static routes to point to the customer routers as: ip route 43.43.1.16 255.255.255.248 43.43.1.2 (customer A) ip route 43.43.1.24 255.255.255.248 43.43.1.3 (customer B) Now customer A & B and my Router interface are all in the same subnet- how can I prevent them PINGing or attacking each other? TIA, Ned