

Network Segregation Project

Posted on 2004-11-01
Medium Priority
Last Modified: 2007-02-13

I have one subnet ( with everyone on it.  I want to make two subnets. will still exist and I want to add  There is a network printer with current IP address that I want accessible from both subnets but the printer should be the only IP on the subnet accessible from the subnet.  Currently all LAN drops terminate into a 50 port layer 2 switch that terminates into a Linksys VPN router (IP that has the WAN connection.

My plan was to take the and put those connections on a separate switch and keep the network on the current 50 port switch.  I move the WAN connection from the Linksys to the new router and I connect both switches to the router.  I set up ACLs on the router that will allow to talk to the printer and filter everything else.

I'm looking for some advice.  With cost being a big factor here, would you approach this project differently?

What type of router would you recommend if one is purchased?
Question by:Spizance
LVL 16

Expert Comment

ID: 12466740
If you need all 50 ports for the .2 network, then this sounds fine. Otherwise, you could configure some of the ports on the switch to be in a different VLAN, and make that the .3 network. Obviously, this would be cheaper since you wouldn't be buying another switch.

In either case, you'll need something that routes (router or layer3 switch...). I've got a couple of small Cisco switches (1600 and 1700 series). Cisco isn't known as the cheapest, but we don't know what your budget is for this...

Author Comment

ID: 12467650
Thanks.  Unfortunately, the switch doesn't have VLAN capability so another switch will be purchased.  

I just remembered that a Cisco 1721 is available.  The specs say it has a built-in 10/100 port and two WICs.  Looking through the available WICs, I saw 1 port 10BASE-T cards.    I'm apprehensive about using two 1 port 10BASE-T cards for the LAN traffic but I don't know enough about bandwidth in this scenario to make an educated decision.

Would the Cisco 1721, using the built-in 10/100 port for WAN (this would connect to Linksys VPN router) and the two 1 port 10BASE-T WIC cards for the two subnets, be a viable, cost-effective solution?

Side note:  If I were to use the Cisco 1721, I don't want to consider replacing the Linksys VPN router with it because that would require purchasing the internal VPN module for the router and I really don't want to due to budget restraints.
LVL 15

Expert Comment

ID: 12471981
There are two ways you can achieve that;

The first method:
If the printer is attached to a print server that supports more than one IP address, your problem is solved; just add any other 2nd subnet IP address and you're done. If not, follow the second method steps:

The second method:
1. Add to the DNS domain server the additional address range.
2. Set all workstations on the new subnet the DNS Server as their gateway.
3. Refer all the addresses on the new subnet requests to the old subnet and set them as LAN.
4. All printing requests will refer to the old subnet with no problem.

If you want a step-by-step, what OS do you have and what is the exact architecture?



Author Comment

ID: 12472409
No thanks, Cyber.  The only traffic passing from one subnet to the other would be when the 192.168.3.x subnet wants to access the printer with IP  The printer itself has an IP address and the software will be installed on the 192.168.3.x subnet computers to access the printer directly.  As long as the routing and ACLs are set up correctly, I'm assuming this should work fine using the two 10-BASET interface cards as this isn't intensive traffic.  The WAN connection is a DSL line, BTW.

Cyber or JammyPak, what do you think about using two 10-BASET interfaces on the Cisco 1721 for the two subnets?

LVL 16

Accepted Solution

JammyPak earned 2000 total points
ID: 12472456
10-BaseT would probably be OK, but you'd have to try it and see. If you have a large amount of print spooling, especially big print jobs, there may be noticeable slowdowns for people on the .3 network. (or maybe not!) You might want to look at the pricing for upgrading the router interfaces, just so you know what it would cost you.

Generally I find that most users can't tell if they're operating at 10 or 100, but when you get large numbers sharing a single router connection, then it could be different. I don't think you mentioned how many hosts will be on the .3 network?

Author Comment

ID: 12472587
Only seven hosts on the .3 network, so not too much traffic.  You have given me all the advice I need for now, I think I can take care of this.  Thanks for all the help!
LVL 16

Expert Comment

ID: 12472904
OK, thanks and good luck
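
The ACL plan discussed in this thread (the 192.168.3.x subnet may reach the printer and nothing else on the other subnet) depends on entry order, so here is an added example, not part of the original thread, that parses a constructed IOS-style extended ACL and evaluates it first-match with the implicit deny. Assumptions: the ".2 network" is 192.168.2.0/24, 192.168.2.50 is a placeholder for the printer address the thread does not show, and the .3 hosts still need the WAN.

```python
import ipaddress

# Constructed IOS-style extended ACL, applied inbound on the router interface
# facing 192.168.3.x. 192.168.2.50 is a placeholder for the printer address,
# which the thread does not show; 192.168.2.0/24 is assumed for the ".2 network".
ACL_SUBNET3_IN = """\
permit ip 192.168.3.0 0.0.0.255 host 192.168.2.50
deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wc = int(ipaddress.IPv4Address(tokens.pop(0)))
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard masks are not modelled")
    return ipaddress.ip_network(f"{first}/{32 - wc.bit_length()}")

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' entries, keeping their order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((action, _take_addr(tokens), _take_addr(tokens)))
    return rules

def decide(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def reachable_on_subnet2(rules, src="192.168.3.10"):
    """List every .2 host the given .3 host is permitted to reach."""
    subnet2 = ipaddress.ip_network("192.168.2.0/24")
    return [str(h) for h in subnet2.hosts() if decide(rules, src, str(h)) == "permit"]

if __name__ == "__main__":
    print(reachable_on_subnet2(parse_acl(ACL_SUBNET3_IN)))
```

This models only the ACL on the interface facing the .3 subnet; traffic initiated from the .2 side is not filtered by it and would need its own ACL on that interface.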

Question has a verified solution.
