  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 398

Best way to perform a network separation without the use of VLANs

I have a WAN link connected to a Cisco 1700 which is connected to a hotbrick firewall which connects to a Cisco 2950 switch where all the users are connected.

I have two offices on the same subnet.  One of those offices wants me to separate them from the existing subnet and place them on their own subnet.

Thus far I moved those users from the existing switch on to another switch. And I have a cisco 1841 router that I can use.
What is the best approach (without using VLANs) to separate red office from existing blue office?
Asked: manthony09842
1 Solution
 
lrmoore Commented:
               WAN
              1700
                |
           switch/hub
            |        |
        hotbrick    1841
            |        |
         switch   HP switch
            |        |
          BLUE      RED

manthony09842 Author Commented:
Thanks for laying that out simply for me

The office has about 20 users. Can I use RIP v2 for this scenario? On the other hand I was advised to use static IP addresses for the workstations, Servers, and Printers.
What are some important questions I should be asking myself going forward with this?
All your expertise is greatly appreciated

lrmoore Commented:
No reason to use RIP or any other dynamic routing protocol. You are not talking to any other networks. Keep it as simple as possible.
Hotbrick has a single default gateway pointing to 1700
1841 router has single default gateway pointing to 1700
1700 doesn't care or even know about what networks are behind the two devices since both of them NAT the real IPs.
1841 can be DHCP server for RED network, no problem.
Never shall the two networks see or talk to each other.
I assume that the WAN in this case is Internet ISP? The 1841 can run the firewall feature set, or basic NAT, your choice. How much protection does RED network need? What kind of Internet services do you need to provide to the RED network? Email, www, etc? All that can be taken care of in the NAT statements on the 1841, as long as the hotbrick, 1841 and 1700 all share a common public subnet between them.

Q: What is your aversion to VLANs?
 
manthony09842 Author Commented:
I don't have an aversion to VLANs at all, just that the client IT rep does not want VLANs implemented.
From what I am told he just wants to be able to "unplug" if he wants to. I told him that he could still do that if VLANs were implemented.

That being said some of the resources do need to be shared and I may have to modify my original question by adding that the RED network has to talk to the BLUE network. eg: the conference room phones and printers which are on the "other"
Help....uggh

lrmoore Commented:
Well, that certainly makes things ugly and requires either VLANs to trunk to the 1841, and/or extensive access-lists on the 1841. Do you perchance have a 4-port ESW module on the router? Can you get one? That would make it easier.
Something like this with 3 Ethernet interfaces on the 1841. Only the Hotbrick would need a route statement pointing back to the 1841 for the RED network

               WAN
              1700
                |
           switch/hub
            |          |
        hotbrick      1841
            |        |     |
            |       /   HP switch
          switch          |
            |             |
          BLUE           RED

manthony09842 Author Commented:
A different situation has occurred.
I have a medium office, about 50 users; we all are experiencing "severe" latency. Users connect to the internet very slowly.
I have a couple netgear 24 port switches, a few Dlink 4 port hubs, no VLANs, and a modem connecting to a DSL link that has nominal upstream and downstream speeds.
What in your estimation could be the issue?????

lrmoore Commented:
You might be better off starting a new question thread with this issue.
We strive to keep individual threads one issue at a time. Makes cleaner database and better search results.

manthony09842 Author Commented:
gotcha
thx

manthony09842 Author Commented:
still working on the last recommendation you sent me
will be back shortly

manthony09842 Author Commented:
Hello,
Been out of the office for a bit.  I have returned to the network separation issue with some changes in the plan to do so. Could you tell me if this sounds good to you.......

RED T-1 WAN Link
   |
1700
   |
Hotbrick firewall
   |
RED Network Switch cisco 2960
   |
cisco 1841 ..... FA0/0 ---- 192.168.2.0 >>>>> RED Network
   |       ..... FA0/1 ---- 192.168.1.0 >>>>> BLUE Network
   |       Static route entries pointing to VLAN 1 from 192.168.2.0 to switch VLAN IP 192.168.1.1
BLUE Network Switch cisco 2960
Cisco AiroNet .....)))))))))))))))>>>>>>>>>>>>>>((((((((((((((( Building across street.
   |
BLUE T-1 WAN Link

and if this is feasible should I use a routing protocol?
 
manthony09842 Author Commented:
The separation is limited by the fact that RED network needs to share printers and conference rooms on the BLUE Network...

In that scenario I am hoping to provide that access and utilize the default VLAN 1 on the switches.
Also ...Is there any way for the cisco 1841 to provide DHCP?
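
A sketch of the 1841 side of this layout, added here as an example and not posted by either participant: the router hands out DHCP on RED and uses access lists so that RED reaches only the shared BLUE devices. The 192.168.2.0 and 192.168.1.0 networks and the FA0/0 and FA0/1 roles come from the thread; the /24 masks, every host address, the printing port, the firewall address and the pool and ACL names are assumptions.

```cisco
! Added example, not from the thread. Host addresses and names are assumed.
ip dhcp excluded-address 192.168.2.1 192.168.2.20
ip dhcp pool RED-LAN
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 ! placeholder resolver from the documentation range, replace with the real one
 dns-server 192.0.2.53
!
interface FastEthernet0/0
 description RED office LAN
 ip address 192.168.2.1 255.255.255.0
 ip access-group RED-IN in
!
interface FastEthernet0/1
 description BLUE office LAN
 ip address 192.168.1.254 255.255.255.0
 ip access-group BLUE-IN in
!
! Assumed inside address of the RED firewall, used for everything that is not BLUE
ip route 0.0.0.0 0.0.0.0 192.168.2.254
!
ip access-list extended RED-IN
 remark DHCP requests arrive from 0.0.0.0, so they need their own permit
 permit udp any eq bootpc any eq bootps
 remark Shared BLUE printer (assumed raw printing on tcp/9100) and conference phone
 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.50 eq 9100
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.60
 remark The rest of BLUE is closed to RED, and attempts are logged
 deny ip any 192.168.1.0 0.0.0.255 log
 permit ip 192.168.2.0 0.0.0.255 any
!
ip access-list extended BLUE-IN
 remark Printer may only answer sessions that RED opened
 permit tcp host 192.168.1.50 eq 9100 192.168.2.0 0.0.0.255 established
 remark Phone protocol is not stated in the thread, so all IP from it is allowed
 permit ip host 192.168.1.60 192.168.2.0 0.0.0.255
 deny ip any any log
```

The shared BLUE devices still need a route back to 192.168.2.0 through the 1841, and the deny entries with log give a record of any RED host probing the rest of BLUE.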