Network Segregation Project

Hello,

I have one subnet (192.168.2.0/24) with everyone on it.  I want to make two subnets. 192.168.2.0/24 will still exist and I want to add 192.168.3.0/24.  There is a network printer with current IP address 192.168.2.134 that I want accessible from both subnets but the printer should be the only IP on the 192.168.2.0/24 subnet accessible from the 192.168.3.0/24 subnet.  Currently all LAN drops terminate into a 50 port layer 2 switch that terminates into a Linksys VPN router (IP 192.168.3.1) that has the WAN connection.

My plan was to take the 192.168.3.0/24 and put those connections on a separate switch and keep the 192.168.2.0/24 network on the current 50 port switch.  I move the WAN connection from the Linksys to the new router and I connect both switches to the router.  I set up ACLs on the router that will allow 192.168.3.0/24 to talk to the 192.168.2.134 printer and filter everything else.

I'm looking for some advice.  With cost being a big factor here, would you approach this project differently?

What type of router would you recommend if one is purchased?
Spizance Asked:
 
JammyPak Commented:
10-BaseT would probably be OK, but you'd have to try it and see. If you have a large amount of print spooling, especially big print jobs, there may be noticeable slowdowns for people on the .3 network. (or maybe not!) You might want to look at the pricing for upgrading the router interfaces, just so you know what it would cost you.

Generally I find that most users can't tell if they're operating at 10 or 100, but when you get large numbers sharing a single router connection, then it could be different. I don't think you mentioned how many hosts will be on the .3 network?
0
 
JammyPak Commented:
If you need all 50 ports for the .2 network, then this sounds fine. Otherwise, you could configure some of the ports on the switch to be in a different VLAN, and make that the .3 network. Obviously, this would be cheaper since you wouldn't be buying another switch.

In either case, you'll need something that routes (router or layer3 switch...). I've got a couple of small Cisco switches (1600 and 1700 series). Cisco isn't known as the cheapest, but we don't know what your budget is for this...
0
 
Spizance (Author) Commented:
Thanks.  Unfortunately, the switch doesn't have VLAN capability so another switch will be purchased.  

I just remembered that a Cisco 1721 is available.  The specs say it has a built-in 10/100 port and two WICs.  Looking through the available WICs, I saw 1 port 10BASE-T cards.    I'm apprehensive about using two 1 port 10BASE-T cards for the LAN traffic but I don't know enough about bandwidth in this scenario to make an educated decision.

Would the Cisco 1721, using the built-in 10/100 port for WAN (this would connect to Linksys VPN router) and the two 1 port 10BASE-T WIC cards for the two subnets, be a viable, cost-effective solution?

Side note:  If I were to use the Cisco 1721, I don't want to consider replacing the Linksys VPN router with it because that would require purchasing the internal VPN module for the router and I really don't want to due to budget restraints.
0
 
Cyber-Dude Commented:
There are two ways you can achieve that;

The first method:
If the printer is attached to a print server that supports more than one IP address, your problem is solved; just add any other 2nd subnet IP address and you're done. If not, follow the second method steps:

The second method:
1. Add to the DNS domain server the additional address range.
2. Set all workstations on the new subnet the DNS Server as their gateway.
3. Refer all the addresses on the new subnet requests to the old subnet and set them as LAN.
4. All printing requests will refer to the old subnet with no problem.

If you want a step by step: what OS do you have and what is the exact architecture?

Cyber
0
 
Spizance (Author) Commented:
No thanks, Cyber.  The only traffic passing from one subnet to the other would be when the 192.168.3.x subnet wants to access the printer with IP 192.168.2.134.  The printer itself has an IP address and the software will be installed on the 192.168.3.x subnet computers to access the printer directly.  As long as the routing and ACLs are set up correctly, I'm assuming this should work fine using the two 10-BASET interface cards as this isn't intensive traffic.  The WAN connection is a DSL line, BTW.

Cyber or JammyPak, what do you think about using two 10-BASET interfaces on the Cisco 1721 for the two subnets?

0
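
The ACL plan from the question, sketched as an added Cisco IOS example (not configuration posted by anyone in this thread). The interface name `Ethernet1`, the ACL name `FROM-SUBNET3`, and the final permit for Internet-bound traffic are assumptions.

```cisco
! Added example, constructed for this thread.
! Assumption: Ethernet1 is the WIC port facing the 192.168.3.0/24 switch.
ip access-list extended FROM-SUBNET3
 remark 1) .3 hosts may reach the printer on the .2 subnet
 permit ip 192.168.3.0 0.0.0.255 host 192.168.2.134
 remark 2) every other .2 address is blocked, with hits logged
 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 log
 remark 3) assumption: .3 hosts still need the path to the DSL/WAN side
 permit ip 192.168.3.0 0.0.0.255 any
 remark 4) anything else (e.g. a spoofed source) falls to the implicit deny
!
interface Ethernet1
 description LAN 192.168.3.0/24
 ip access-group FROM-SUBNET3 in
!
! Checks after applying:
!   show ip access-lists FROM-SUBNET3   (per-line match counters)
!   show ip interface Ethernet1         (confirms the inbound ACL is attached)
```

Entries are evaluated first-match, so the printer permit has to stay above the deny for 192.168.2.0/24. The ACL is stateless: replies from .3 hosts to any .2 address other than the printer are dropped as well, so sessions started from the .2 side toward .3 hosts will not complete.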
 
Spizance (Author) Commented:
Only seven hosts on the .3 network, so not too much traffic.  You have given me all the advice I need for now, I think I can take care of this.  Thanks for all the help!
0
 
JammyPak Commented:
OK, thanks and good luck
0