Solved

Network Segregation Project

Posted on 2004-11-01
Last Modified: 2007-02-13
Hello,

I have one subnet (192.168.2.0/24) with everyone on it.  I want to make two subnets. 192.168.2.0/24 will still exist and I want to add 192.168.3.0/24.  There is a network printer with current IP address 192.168.2.134 that I want accessible from both subnets but the printer should be the only IP on the 192.168.2.0/24 subnet accessible from the 192.168.3.0/24 subnet.  Currently all LAN drops terminate into a 50 port layer 2 switch that terminates into a Linksys VPN router (IP 192.168.3.1) that has the WAN connection.

My plan was to take the 192.168.3.0/24 and put those connections on a separate switch and keep the 192.168.2.0/24 network on the current 50 port switch.  I move the WAN connection from the Linksys to the new router and I connect both switches to the router.  I set up ACLs on the router that will allow 192.168.3.0/24 to talk to the 192.168.2.134 printer and filter everything else.

I'm looking for some advice.  With cost being a big factor here, would you approach this project differently?

What type of router would you recommend if one is purchased?
0
Question by:Spizance
    7 Comments
     
    LVL 16

    Expert Comment

    by:JammyPak
    if you need all 50 ports for the .2 network, then this sounds fine. otherwise, you could configure some of the ports on the switch to be in a different VLAN, and make that the .3 network. obviously, this would be cheaper since you wouldn't be buying another switch.

    in either case, you'll need something that routes (router or layer3 switch...). I've got a couple of small Cisco switches (1600 and 1700 series). Cisco isn't known as the cheapest, but we don't know what your budget is for this...
    0
     

    Author Comment

    by:Spizance
    Thanks.  Unfortunately, the switch doesn't have VLAN capability so another switch will be purchased.  

    I just remembered that a Cisco 1721 is available.  The specs say it has a built-in 10/100 port and two WICs.  Looking through the available WICs, I saw 1 port 10BASE-T cards.    I'm apprehensive about using two 1 port 10BASE-T cards for the LAN traffic but I don't know enough about bandwidth in this scenario to make an educated decision.

    Would the Cisco 1721, using the built-in 10/100 port for WAN (this would connect to Linksys VPN router) and the two 1 port 10BASE-T WIC cards for the two subnets, be a viable, cost-effective solution?

    Side note:  If I were to use the Cisco 1721, I don't want to consider replacing the Linksys VPN router with it because that would require purchasing the internal VPN module for the router and I really don't want to due to budget restraints.
    0
     
    LVL 15

    Expert Comment

    by:Cyber-Dude
    There are two ways you can achieve that;

    The first method:
    If the printer is attached to a print server that supports more than one IP address, your problem is solved; just add any other 2nd subnet IP address and you're done. If not, follow the second method steps:

    The second method:
    1. Add to the DNS domain server the additional address range.
    2. Set all workstations on the new subnet the DNS Server as their gateway.
    3. Refer all the addresses on the new subnet requests to the old subnet and set them as LAN.
    4. All printing requests will refer to the old subnet with no problem.

    If you want a step by step; what OS you have and what is the exact architecture?

    Cyber
    0
     

    Author Comment

    by:Spizance
    No thanks, Cyber.  The only traffic passing from one subnet to the other would be when the 192.168.3.x subnet wants to access the printer with IP 192.168.2.134.  The printer itself has an IP address and the software will be installed on the 192.168.3.x subnet computers to access the printer directly.  As long as the routing and ACLs are set up correctly, I'm assuming this should work fine using the two 10-BASET interface cards as this isn't intensive traffic.  The WAN connection is a DSL line, BTW.

    Cyber or JammyPak, what do you think about using two 10-BASET interfaces on the Cisco 1721 for the two subnets?

    0
     
    LVL 16

    Accepted Solution

    by:
    10-BaseT would probably be OK, but you'd have to try it and see. If you have a large amount of print spooling, especially big print jobs, there may be noticeable slowdowns for people on the .3 network. (or maybe not!) You might want to look at the pricing for upgrading the router interfaces, just so you know what it would cost you.

    Generally I find that most users can't tell if they're operating at 10 or 100, but when you get large numbers sharing a single router connection, then it could be different. I don't think you mentioned how many hosts will be on the .3 network?
    0
     

    Author Comment

    by:Spizance
    Only seven hosts on the .3 network, so not too much traffic.  You have given me all the advice I need for now, I think I can take care of this.  Thanks for all the help!
    0
     
    LVL 16

    Expert Comment

    by:JammyPak
    OK, thanks and good luck
    0
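
The ACL plan discussed in this thread, checked in code. This is an added example and not something posted by any participant. It models IOS-style extended ACL rules (first match wins, implicit deny at the end) and tests them against the stated goal that 192.168.3.0/24 reaches only the printer at 192.168.2.134. Assumptions: the names `lan3_in` and `lan2_in`, applying each list inbound on its LAN interface, the final `permit ip any any` so Internet-bound traffic still passes, and the `lan2_in` list that lets printer replies through while blocking other .2 hosts from reaching .3.

```python
import ipaddress

# Constructed IOS-style extended ACL entries (assumption: one list per LAN
# interface, applied inbound). Wildcard masks: a 1 bit means "don't care".
ACLS = {
    "lan3_in": """
        permit ip 192.168.3.0 0.0.0.255 host 192.168.2.134
        deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
        permit ip any any
    """,
    "lan2_in": """
        permit ip host 192.168.2.134 192.168.3.0 0.0.0.255
        deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
        permit ip any any
    """,
}

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(acl_text):
    """Turn ACL text into an ordered list of (action, src_spec, dst_spec)."""
    rules = []
    for line in acl_text.strip().splitlines():
        tokens = line.split()
        action, _proto = tokens.pop(0), tokens.pop(0)
        src = take_addr(tokens)
        dst = take_addr(tokens)
        rules.append((action, src, dst))
    return rules

def matches(addr, spec):
    base, wild = spec
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def decide(acl_name, src, dst):
    """Return 'permit' or 'deny' for a packet, using first-match semantics."""
    for action, s, d in parse(ACLS[acl_name]):
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"  # every IOS ACL ends with an implicit deny
```

Rule order matters here: moving the `deny` line above the printer `permit` in either list would cut off printing, because evaluation stops at the first matching entry.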
