
VLANning 10.15.x.x Network

Posted on 2006-05-15
Last Modified: 2013-12-07
Currently here is my scenario:

DMZ network:  10.15.11.x
Corporate network:  10.15.10.x
Arizona remote network: 10.15.100.x
Washington remote network: 10.15.30.x
Kansas remote network:  10.15.20.x

All remote sites are connected by AT&T FrameRelay MPLS or by hardware VPN.  How can I segment this scenario into different VLANs???  I'm confused as to which subnet to use for the management VLAN.  Any input would be greatly appreciated!!!  Thanks in advance.
Question by:dnguyen81
 
LVL 3

Accepted Solution

by:
abusimbel earned 400 total points
ID: 16689474
Hello dnguyen81,

I don't think I really understand your problem; it seems like quite clear subnetting. You already have the network divided into 5 networks:

You just need to create 5 VLANs, one for each of the following segments:

DMZ network:  10.15.11.0/24
Corporate network:  10.15.10.0/24
Arizona remote network: 10.15.100.0/24
Washington remote network: 10.15.30.0/24
Kansas remote network:  10.15.20.0/24

You can create a new one for management or use the corporate one, for example; it is just a matter of security. All the rest is a matter of routing and security.

Could you elaborate a bit more on your problem?

Regards,
Abusimbel.


0
 

Author Comment

by:dnguyen81
ID: 16695063
AT&T is currently managing our routers.  We are using non-managed switches for each subnet / remote site.

So I would just need to create one more VLAN for the management VLAN?  Right now, the corporate network is one big flat network on the 10.15.10.x subnet.  I would like to split it further.
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16695527
If you do not have any control over the router and are using non-managed switches, there is not much you can do. Why do you want to split the corporate network? For security?

How is your corporate network operating right now? You have hosts connected to switches, with a default gateway at AT&T that you do not have any control over?
0
 

Author Comment

by:dnguyen81
ID: 16695829
The corporate network and some remote site networks/subnets are growing too big and slow.
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16695896
So you do not want to split 10.15.10.x; you want to add another subnet OR increase the number of hosts.

0
 

Author Comment

by:dnguyen81
ID: 16696035
All of the above.  Create another subnet for users and increase the number of hosts without having any downtime.  Also optimizing network performance?
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16696209
Increase number of hosts:
Before we proceed, how much control do you have over the routers? Can you tell AT&T that you are adding another subnet on your corporate network, and will they configure it on the router? Without that we may not be able to do anything.

Once that portion is complete, the routing information needs to be updated, as well as the VPN configuration, to allow the new subnet.

Security: you will need to provide more details. We can create access lists on the router to only allow certain computers to communicate with the corporate network, but again that will require access to the routers. What else do you have in mind for security?

Performance: Adding another subnet will not increase performance unless you are having broadcast issues, nor will it increase the speed. If you have a switch and a properly configured network, this will not help. Speed: when do you experience problems? When users access resources on the same network, like corporate users on the corporate network, OR when they access from / to remote sites, like corporate users accessing resources on the Washington network?
0
 

Author Comment

by:dnguyen81
ID: 16696520
Right now the corporate network is really slow.  It's a bunch of switches daisy chained together creating one big collision domain.  During lunch times or peak hours, the network seems to run slowwwwwww within the corporate network.  When I try to remote access the corporate network from another remote site in the SAME CITY as the corporate network, it is dog slow.  I know that we need to upgrade our T1 speed at corporate.


0
 
LVL 10

Expert Comment

by:naveedb
ID: 16698526
How many machines do you have at corporate?
0
 

Author Comment

by:dnguyen81
ID: 16699940
We have quite a few computers.....  but my goal here is to VLAN each physical site into several different subnets in an organized way, especially trying to put servers on one VLAN and users on another VLAN.  Would that put a lot of strain on the router or the main switch?
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16700709
What are the model numbers for your routers and switches?
0
 

Author Comment

by:dnguyen81
ID: 16704078
They are not from just one vendor.  I believe we only have one managed HP switch and the rest are flat dummy gigabit switches.
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16704479
How much are you planning to invest? We will need a managed switch at each location to set up VLANs.
0
 

Author Comment

by:dnguyen81
ID: 16714320
Yesh, I know that is a must.... Probably gonna invest in at least one switch for each VLAN.  Right now, I'm still working on trying to change all the sites to the right subnet.  Some are still in the 192.168.1.x range, which I do not like.  So I would have to trunk and use encapsulation on the router and switch, correct?  I will split points.
0
 
LVL 10

Assisted Solution

by:naveedb
naveedb earned 600 total points
ID: 16714801
Yes, you will need to have at least one switch and router that support VLANs and trunking at each site.

Create one VLAN for IP management, for example switch management and router management.

Create one VLAN for high-security machines, like servers OR executives' machines.

Create one for user machines and other hosts like printers etc.

Create ACLs at the routers to filter traffic between VLANs for security or for implementing organizational policies.

Sample:

Corporate IT Management: 10.10.1.0
Corporate Executive OR servers: 10.11.1.0
Corporate Users: 10.12.1.0

Arizona IT Management: 10.10.2.0
Arizona Executive OR servers: 10.11.2.0
Arizona Users: 10.12.2.0

Washington IT Management: 10.10.3.0
Washington Executive OR servers: 10.11.3.0
Washington Users: 10.12.3.0

This is just a sample; you may wish to create different categories for how you want to do IP assignment, but it should be easy for anyone to understand and should have some kind of series/logic.

All routing among different VLANs will be done at the routers, and the switch should be capable of assigning different ports to different VLANs and also of trunking to connect with the router.
0
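
An added example, not part of naveedb's post or of any vendor's tooling: a Python script that builds the sample 10.&lt;role&gt;.&lt;site&gt;.0 plan from the answer above, checks it against the ranges the thread says are still in use, and derives default-deny rules for the inter-VLAN ACLs. The /24 masks, the role names, the policy table and the vendor-neutral rule tuples are assumptions.

```python
import ipaddress

# From the sample in the answer: second octet = role, third octet = site.
ROLES = {"mgmt": 10, "secure": 11, "users": 12}
SITES = {"corporate": 1, "arizona": 2, "washington": 3}
# Ranges the thread says are still in use (masks assumed to be /24).
IN_USE = [ipaddress.ip_network(n) for n in (
    "10.15.10.0/24", "10.15.11.0/24", "10.15.20.0/24",
    "10.15.30.0/24", "10.15.100.0/24", "192.168.1.0/24")]
# Assumed policy: which destination roles each source role may initiate to.
POLICY = {"mgmt": {"mgmt", "secure", "users"},
          "secure": {"secure"},
          "users": {"users", "secure"}}

def build_plan():
    """Return {(site, role): network} for the 10.<role>.<site>.0/24 pattern."""
    return {(site, role): ipaddress.ip_network(f"10.{r}.{s}.0/24")
            for site, s in SITES.items() for role, r in ROLES.items()}

def conflicts(plan, in_use=IN_USE):
    """Planned networks that overlap another planned or in-use network."""
    nets = list(plan.values())
    return [a for i, a in enumerate(nets)
            if any(a.overlaps(b) for b in nets[i + 1:] + list(in_use))]

def locate(plan, addr):
    """Map an address to its (site, role), or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    return next((key for key, net in plan.items() if ip in net), None)

def permitted(plan, src, dst):
    """Default deny: both ends must be in the plan and the policy must allow it."""
    s, d = locate(plan, src), locate(plan, dst)
    return bool(s and d) and d[1] in POLICY[s[1]]

def acl_for(plan, site, role):
    """Vendor-neutral rules guarding one VLAN: permits first, then deny all."""
    dst = plan[(site, role)]
    rules = [("permit", str(src), str(dst))
             for (_, src_role), src in sorted(plan.items())
             if role in POLICY[src_role]]
    return rules + [("deny", "any", str(dst))]

if __name__ == "__main__":
    plan = build_plan()
    print("conflicts:", conflicts(plan))
    for rule in acl_for(plan, "arizona", "mgmt"):
        print(*rule)
```

The rule tuples are meant to be translated by hand into whatever ACL syntax the routers at each site use; hosts still on a range outside the plan are denied until they are renumbered.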
