How to communicate with four separate LANs

I have 4 physically distinct networks. Let's call them A, B, C and D.

Usually, these should be isolated. However, there are various machines that require access to any two of them. These are secured with the necessary firewalls.

Now a requirement has come in that necessitates one machine having access to all 4 networks.

My initial reaction was to just put 4 NICs in the machine and be done with it, but this seems rather insecure. The recommendation from a previous installation is to use a switch to create a common network. Again, this doesn't seem secure. My question is this:

Architecture Diagram

How would I implement a network similar to the above diagram, where the router was a server and the 3 VLANs are my other networks, such that:

  • The server can access any machine on any other network according to that particular network's firewalls.
  • Machines on the networks can access the server according to the applicable firewalls.
  • There is no way for machines on the different networks to communicate with another network.

I'm not looking for a blow-by-blow, just for someone to point me in the right direction.


Why don't you simply create a new subnet for them (or for each, if necessary)? Work on layer 3 and forget trying to solve this on layer 2. Enable routing between the networks and limit it on the firewall-router to allow only those network-host pairs and protocols that are required.


The routing answer works, but creating routes between the VLANs opens floodgates between the subnets or VLANs. You'd have to firewall everything on those VLANs to keep them isolated. You don't want to risk students accessing IT workstations. If this is the one and only computer that needs access to all 4, I'd have the computer physically connected to a switch port that tags all 4 VLANs on it (with one being untagged), then on the computer you would use your NIC utilities to create 4 "virtual" NICs based on VLAN tags.
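The two answers above describe complementary halves of the same design: the second puts the server on all four networks as 802.1Q VLAN subinterfaces on one trunk port, and the first restricts traffic to the host/protocol pairs that are actually required. The script below is an added example (it is not code from the question or either answer) that shows both on a Linux server: it generates the `ip` commands for the four VLAN subinterfaces and an nftables ruleset whose forward chain drops everything, so the server can never become a path between networks, and whose input and output chains admit only an explicit policy table. The trunk NIC name `eth0`, the VLAN ids 10/20/30/40, the `10.x.0.0/24` addresses and the policy entries are constructed values for illustration; replace them with your own. The script prints commands rather than applying them, so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the original Q&A: one server on four VLANs over a
# single trunk port, with a host firewall that never forwards between VLANs
# and admits only the required host/protocol pairs.

TRUNK_IF="eth0"     # assumption: the NIC cabled to the tagged switch port

# VLAN table: network-name  vlan-id  server-address/prefix  (constructed values)
VLANS="A 10 10.10.0.5/24
B 20 10.20.0.5/24
C 30 10.30.0.5/24
D 40 10.40.0.5/24"

# Access policy (constructed values):
#   direction  vlan  remote-address  proto  dport
# "in"  = a remote host on that VLAN may open this port on the server
# "out" = the server may open this port on that remote host
POLICY="in  A 10.10.0.0/24 tcp 22
in  B 10.20.0.7    tcp 443
out C 10.30.0.9    tcp 5432
out D 10.40.0.0/24 udp 514"

# Print the ip(8) commands that create one 802.1Q subinterface per VLAN.
vlan_iface_cmds() {
    printf '%s\n' "$VLANS" | while read -r name vid addr; do
        ifname="${TRUNK_IF}.${vid}"
        echo "ip link add link $TRUNK_IF name $ifname type vlan id $vid"
        echo "ip addr add $addr dev $ifname"
        echo "ip link set $ifname up"
    done
}

# Map a network letter (A-D) to its VLAN subinterface name.
vlan_ifname() {
    printf '%s\n' "$VLANS" | while read -r name vid addr; do
        if [ "$name" = "$1" ]; then echo "${TRUNK_IF}.${vid}"; fi
    done
}

# Emit an nftables ruleset. The forward chain is policy drop with no rules:
# the box is a host on four networks, never a router between them. Input and
# output are default-drop and only the POLICY pairs may open new connections.
gen_nft_ruleset() {
    echo "table inet host {"
    echo "  chain forward { type filter hook forward priority 0; policy drop; }"
    echo "  chain input {"
    echo "    type filter hook input priority 0; policy drop;"
    echo "    ct state established,related accept"
    echo "    iif lo accept"
    printf '%s\n' "$POLICY" | while read -r dir vlan remote proto port; do
        if [ "$dir" = "in" ]; then
            echo "    iifname \"$(vlan_ifname "$vlan")\" ip saddr $remote $proto dport $port ct state new accept"
        fi
    done
    echo "  }"
    echo "  chain output {"
    echo "    type filter hook output priority 0; policy drop;"
    echo "    ct state established,related accept"
    echo "    oif lo accept"
    printf '%s\n' "$POLICY" | while read -r dir vlan remote proto port; do
        if [ "$dir" = "out" ]; then
            echo "    oifname \"$(vlan_ifname "$vlan")\" ip daddr $remote $proto dport $port ct state new accept"
        fi
    done
    echo "  }"
    echo "}"
}

# Sanity check helper: number of accept rules in the generated input chain.
count_input_accepts() {
    gen_nft_ruleset | sed -n '/chain input/,/^  }/p' | grep -c 'dport'
}

# Kernel-level belt and braces: even if someone later edits the forward
# chain, the kernel itself will not route between the subinterfaces.
sysctl_cmds() {
    echo "sysctl -w net.ipv4.ip_forward=0"
    echo "sysctl -w net.ipv6.conf.all.forwarding=0"
}

# Print everything for review; apply as root with e.g.
#   ./vlan-host.sh | sh          (interfaces and sysctls)
#   gen_nft_ruleset | nft -f -   (firewall)
vlan_iface_cmds
sysctl_cmds
```

Because the server holds an address in each VLAN, the switch-side firewalls and ACLs still apply to traffic between it and the other hosts, which is what the question's first two bullets ask for; the empty forward chain plus `ip_forward=0` is what satisfies the third bullet, since no packet arriving on one subinterface can leave on another.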