Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Setting up multiple subnets and DHCP server using wireless

Posted on 2007-07-25
9
Medium Priority
?
280 Views
Last Modified: 2013-11-09
I have a little problem and trying to figure out the best way to set this up. I am going to try to explain this the best that I can.

Building A - has the T1 line for internet access and contains all the servers. The servers and all the users in this building are connected to a standard 24 port switch. Also connected to the switch is a fiber line that runs outside to a tower. On that tower is an outdoor wireless access point with an omni-directional antenna. The access point is connected to the 24 port switch which is all on the 192.168.0.0 subnet.

Building B,C,D and E all have unidirectional antennas that connect directly to the tower. They each basically have one main switch that the wireless access point that connects to the main tower and the other computers are all plugged in to.

I would like each building to be on a different subnet. For example:

Building A - 192.168.2.0
Building B - 192.168.0.0
Building C - 192.168.1.0
Building D - 192.168.3.0
Building E - 192.168.4.0

I also want the DHCP server to be able to assign all addresses for all networks using reservations.

Is this possible and how would I go about doing this?

0
Comment
Question by:Wyandotte
  • 4
  • 3
  • 2
9 Comments
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 19570421
If all the computers can communicate then you just need to configure a DHCP server with a class B address scheme.

192.168.0.0 255.255.0.0
0
 
LVL 7

Expert Comment

by:trickz_2
ID: 19571012
I think you have a typo in your question, you said building A was 192.168.0.0, but in your list of buildings you show building B as 192.168.0.0

Assuming it is just a typo yes you can do this and it is very common. As knightrider suggested you could put them all on a single subnet and they would work fine if you are not using routers.  If you do want to have them on different subnets you can add a scope to your dhcp server for each subnet and then put DHCP helpers in your routers. Of course this method assumes you have routers that are capable of forwarding broadcast traffic to the correct subnet. The big question then is what kind of routers do you have in each building?
0
 

Author Comment

by:Wyandotte
ID: 19574144
It is not a typo, building A is currently 192.168.0.0, I want to get away from the .0 subnet and move to something higher due to possible issues with remote clients possibly being on a .0 network and trying to log into the vpn on a .0 network. .0 and .1 are too popular so I need to set up building A (the one with the server that they will be logging into) with .2 or higher.

Having them on separate subnets would be more secure, correct?

Building B doesn't need to access anything on building C, so I think separate subnets would be the most secure way to go. They way I understand it. Here is the plan that is going around in my head, I don't know if it will work or if its been done thousands of times, but here is my idea.

Each building will have all their computers plugged into a main switch, run a cable from the main switch to a router, go from the WAN port of the router to the wireless access point that is on the same network at building A. The gateway on the router will be the IP address of the access point. Then setup the routes in the router to route the traffic where it needs to go. I am basically wanting to setup so that each building has their own local network and building A is the "ISP". Wiill that work? As far as DHCP, I'm still not for sure the exact way that is best to set that up.

As far as routers, what make and model would you suggest that would be good for each building. I need it good, cheap and be able to do the job.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:knightrider2k2
ID: 19578000
Putting them on different subnets will not make it secure. you need to block traffic using access lists
0
 

Author Comment

by:Wyandotte
ID: 19578297
Well its not that big of a deal that it be completely tightened down. It's all on the same network now, I just thought it would add an extra layer of protection by not allowing the average user access to something they don't need. My main goal is that we need more IP addresses and so I thought putting everyone on a different subnet would add another layer of protection.
0
 
LVL 7

Accepted Solution

by:
trickz_2 earned 2000 total points
ID: 19584633
Adding subnets is not going to make your networks more secure. It will minimize broadcast traffic but all the buildings will still need to ge to the main building and the resources there. Yes you will be able to seperate the secondary buildings so they will not be able to pass traffic between networks.

Keep in mind you will not be able to use home based routers for this. You made a statement that you need more addresses. You can do that with out changeing your hardware. Its pretty easy to move up to a 1000 address scope. But if you want to, I think you should expect to spend about $750 for each router.
0
 

Author Comment

by:Wyandotte
ID: 19593225
As I stated, security is not an issue, it was just an added bonus. How exactly would I go about setting this up and what kind of router would I need for each building?
0
 
LVL 7

Expert Comment

by:trickz_2
ID: 19608589
I used the Cisco 1841 which is a small office branch office router. It is a real router running the Cisco IOS and it will do what you want. Be aware of some of the lower end routers as many of them will not be able to do the DHCP forwarding that you need. You will need 1 for each of your remote buildings. The setup process is fairly simple and it has a GUI interface if you are not comfortable with the Cisco command line interface.
0
 

Author Comment

by:Wyandotte
ID: 19608670
We are putting in all new servers and we have decided not to pile on more headache than what is already there. I believe we will just setup 1 large scope with a 255.255.254.0 mask giving us 500 addresses. We have too many buildings that have static ip addresses for certain systems and it would cause a headache trying to get those switched over because it's equipment that is taken care of by outside vendors. If anyone thinks this is a really bad idea please let me know and let me know why. Thanks.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question