Solved

Subnetting existing network

Posted on 2009-07-14
13
236 Views
Last Modified: 2012-05-07
I have an existing network comprised of office user computers and production computers/PLC's on the same subnet.  My goal is to isolate the office machines and put them on a separate subnet as to not be subjected to all the data collection bandwidth usage from the production equipment.  My network is setup as 192.168.1.1 - 254, subnet 255.255.255.0.   I want to keep the production equipment untouched as most are static IP's, but the office users are DHCP so would like to setup new subnet for them.  My question is; what new IP schema should I use for my office environment, ie: 192.168.0.1 - 254 subnet 255.255.254.0?  Also, the new router that I have to buy to make this happen, what IP forwarding to the old router do I need to do to make this seamless so my users can still see the production equipment?  And lastly, I obviously have to change the DHCP scope range on the server to hand out the new IP's. (thats not really a question, just thinkin' out loud).  Any help or input is greatly appreciated.
0
Comment
Question by:dynamictechinc
  • 4
  • 3
  • 3
  • +3
13 Comments
 
LVL 6

Expert Comment

by:mickfinley
ID: 24852137
Vlans would be the best way to do this.  Are your present switches capable of VLANS?

0
 
LVL 6

Accepted Solution

by:
KevinCovert earned 250 total points
ID: 24852162
I honestly doesnt matter what IP subnet you use just as long as you stick with the private ranges.  I use a mix of 192.168.x.x 172.20.x.x and 10.x.x.x for ease of recognition.  the router you get you'll want it to be able to support both LANs, it will need to support VLANS, which would then mean your switches will need to support VLANS.

Once you get the hang of it, VLANs are really simple.  

Id check on the sonicwall TZ line, not sure if they are up to the task you are after.

KMC
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 250 total points
ID: 24852335
It really depends on the existing equipment you have... you may not even need a new router if you have a higher end ...managed switch.

As Keving pointed out, it really doesn't matter what you choose for IP range.

See attached... this is basically what you are talking about doing.



subnets.bmp
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 6

Expert Comment

by:KevinCovert
ID: 24852529
xuserx2000, wouldn't you create a double NAT'd environment for the 192.168.2.1 subnet?

I've ran into issues with that.

Here was what I was thinking:


7-14-2009-11-21-07-AM.png
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24852552
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24852590
I've done this both ways....
VLAN is the best way though.  Not because of nat, but because of increased potential for bottlenecking.
0
 

Author Comment

by:dynamictechinc
ID: 24853188
Thanks for the replies!  I've been researching the topic for vlans and loving the concept.  To answer the question thrown back at me, all of our switches are simple unmanaged, BUT recently we bought some production machine that came with a couple of Cisco managed switches and remember the contractor telling me about port assignments on them but he didnt know how to set it up.  I have a call in to him right now to find out if these are layer 3 switches.  As I move forward with vlans, I am thinking VLAN1 for production and their servers and VLAN2 for office and their server.  Keep in mind I still need some users in VLAN2 to access data on a VLAN1 server, and the way I understand it a layer 3 switch will allow me to set this up.  Is that right or do I do it thru the router?  If so, how difficult is it through the switch to setup, or the router?
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24853229
It is a pretty easy process, you'll want to do all routing on the firewall in your size environment.

What model # switches do you have most cisco are capable.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24853238
If it's a cisco switch, ...there are a mountain of examples out there.
Can you tell us the model of the switch ?
0
 
LVL 5

Expert Comment

by:yashinchalad
ID: 24868236
yes, i agree with experts here...

one option is segmentation
you split your current n/w to 2 subnets ie 192.168.0.0/24 to

1. 192.168.0.0/25 ie you get hosts with 192.168.0.1 - 192.168.0.126 and subnet mask 255.255.255.128
2. 192.168.0.128/25 - hosts 192.168.0.129 - 192.168.0.254 and subnet mask 255.255.255.128

further down you mentioned that you have some new cisco boxes, anyways. its easy to configure VLAN and then add VLAN filter to control inter-VLAN communications...

let us all know, eager to help you.


0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24868615
Hi,

If you buy CISCO asa you able to make L2 firewall

Please refer this page:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

0
 

Author Comment

by:dynamictechinc
ID: 24925343
I am working to get you guys the model numbers of all the switches that will be used so bare with me, just trying to put out other fires the last few days.  Thanks to everyone for replying.  I will supply the information soon I hope.
0
 

Author Comment

by:dynamictechinc
ID: 25224035
update: We have installed the new router (Cisco 2821), as well as a new switch (Cisco 2960G).  I've decided to go the VLAN route and now in the process of mapping out the plan.  Still not sure how to configure the router to handle the inter-vlan communication, but i'm sure i can find all sorts of docs to figure it out.  Thanks to everyone that replied!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL deny / Permit 10 46
VPN problems 4 62
Solar Winds can't see SQL Server Express 17 52
Palo Alto site-to-site vpn monitoring 5 46
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question