Network Segregation Project


I have one subnet ( with everyone on it.  I want to make two subnets. will still exist and I want to add  There is a network printer with current IP address that I want accessible from both subnets but the printer should be the only IP on the subnet accessible from the subnet.  Currently all LAN drops terminate into a 50 port layer 2 switch that terminates into a Linksys VPN router (IP that has the WAN connection.

My plan was to take the and put those connections on a separate switch and keep the network on the current 50 port switch.  I move the WAN connection from the Linksys to the new router and I connect both switches to the router.  I set up ACLs on the router that will allow to talk to the printer and filter everything else.

I'm looking for some advice.  With cost being a big factor here, would you approach this project differently?

What type of router would you recommend if one is purchased?

If you need all 50 ports for the .2 network, then this sounds fine. Otherwise, you could configure some of the ports on the switch to be in a different VLAN, and make that the .3 network. Obviously, this would be cheaper since you wouldn't be buying another switch.

In either case, you'll need something that routes (router or layer3 switch...). I've got a couple of small Cisco switches (1600 and 1700 series). Cisco isn't known as the cheapest, but we don't know what your budget is for this...
SpizanceAuthor Commented:
Thanks.  Unfortunately, the switch doesn't have VLAN capability so another switch will be purchased.  

I just remembered that a Cisco 1721 is available.  The specs say it has a built-in 10/100 port and two WICs.  Looking through the available WICs, I saw 1 port 10BASE-T cards.    I'm apprehensive about using two 1 port 10BASE-T cards for the LAN traffic but I don't know enough about bandwidth in this scenario to make an educated decision.

Would the Cisco 1721, using the built-in 10/100 port for WAN (this would connect to Linksys VPN router) and the two 1 port 10BASE-T WIC cards for the two subnets, be a viable, cost-effective solution?

Side note:  If I were to use the Cisco 1721, I don't want to consider replacing the Linksys VPN router with it because that would require purchasing the internal VPN module for the router and I really don't want to due to budget restraints.
There are two ways you can achieve that:

The first method:
If the printer is attached to a print server that supports more than one IP address, your problem is solved; just add any other 2nd subnet IP address and you're done. If not, follow the second method steps:

The second method:
1. Add to the DNS domain server the additional address range.
2. Set all workstations on the new subnet the DNS Server as their gateway.
3. Refer all the addresses on the new subnet requests to the old subnet and set them as LAN.
4. All printing requests will refer to the old subnet with no problem.

If you want a step by step: what OS do you have and what is the exact architecture?


SpizanceAuthor Commented:
No thanks, Cyber.  The only traffic passing from one subnet to the other would be when the 192.168.3.x subnet wants to access the printer with IP  The printer itself has an IP address and the software will be installed on the 192.168.3.x subnet computers to access the printer directly.  As long as the routing and ACLs are set up correctly, I'm assuming this should work fine using the two 10-BASET interface cards as this isn't intensive traffic.  The WAN connection is a DSL line, BTW.

Cyber or JammyPak, what do you think about using two 10-BASET interfaces on the Cisco 1721 for the two subnets?

10-BaseT would probably be OK, but you'd have to try it and see. If you have a large amount of print spooling, especially big print jobs, there may be noticeable slowdowns for people on the .3 network. (or maybe not!) You might want to look at the pricing for upgrading the router interfaces, just so you know what it would cost you.

Generally I find that most users can't tell if they're operating at 10 or 100, but when you get large numbers sharing a single router connection, then it could be different. I don't think you mentioned how many hosts will be on the .3 network?

SpizanceAuthor Commented:
Only seven hosts on the .3 network, so not too much traffic.  You have given me all the advice I need for now, I think I can take care of this.  Thanks for all the help!
OK, thanks and good luck
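
The ACL policy discussed in this thread (the 192.168.3.x subnet may reach only the printer on the old subnet) depends on first-match rule ordering. The following is an added example, not code from any poster: it models the rule list and audits it for every host. It assumes the old subnet is 192.168.2.0/24 and uses a placeholder printer address, since the real one is not shown on the page.

```python
import ipaddress

# Assumptions (not from the thread): the existing subnet is 192.168.2.0/24 and
# PRINTER is a placeholder address; the thread's real printer IP is not shown.
OLD_NET = ipaddress.ip_network("192.168.2.0/24")
NEW_NET = ipaddress.ip_network("192.168.3.0/24")
PRINTER = ipaddress.ip_address("192.168.2.250")  # placeholder

# Ordered rules for traffic entering the router from the new subnet.
# Each rule: (action, source network, destination network).
ACL_IN_NEW = [
    ("permit", NEW_NET, ipaddress.ip_network(f"{PRINTER}/32")),
    ("deny", NEW_NET, OLD_NET),
    ("permit", NEW_NET, ipaddress.ip_network("0.0.0.0/0")),  # Internet via WAN
]


def evaluate(acl, src, dst):
    """Return the action of the first matching rule; implicit deny otherwise."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def reachable_old_hosts(acl, src):
    """List every host in the old subnet that src is permitted to reach."""
    return [str(h) for h in OLD_NET.hosts() if evaluate(acl, src, h) == "permit"]


def audit(acl):
    """Check the policy for every host in the new subnet; return violations."""
    problems = []
    for host in NEW_NET.hosts():
        allowed = reachable_old_hosts(acl, host)
        if allowed != [str(PRINTER)]:
            problems.append((str(host), len(allowed)))
    return problems


if __name__ == "__main__":
    print("violations:", audit(ACL_IN_NEW))
    # Moving the broad deny ahead of the printer permit blocks printing too.
    misordered = [ACL_IN_NEW[1], ACL_IN_NEW[0], ACL_IN_NEW[2]]
    print("misordered violations:", len(audit(misordered)))
```

The same ordering carries over to the router's access list: the specific printer permit first, the deny for the rest of the old subnet second, and the general permit for Internet-bound traffic last.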