Solved

Subnetting existing network

Posted on 2009-07-14
13
231 Views
Last Modified: 2012-05-07
I have an existing network comprised of office user computers and production computers/PLC's on the same subnet.  My goal is to isolate the office machines and put them on a separate subnet as to not be subjected to all the data collection bandwidth usage from the production equipment.  My network is setup as 192.168.1.1 - 254, subnet 255.255.255.0.   I want to keep the production equipment untouched as most are static IP's, but the office users are DHCP so would like to setup new subnet for them.  My question is; what new IP schema should I use for my office environment, ie: 192.168.0.1 - 254 subnet 255.255.254.0?  Also, the new router that I have to buy to make this happen, what IP forwarding to the old router do I need to do to make this seamless so my users can still see the production equipment?  And lastly, I obviously have to change the DHCP scope range on the server to hand out the new IP's. (thats not really a question, just thinkin' out loud).  Any help or input is greatly appreciated.
0
Comment
Question by:dynamictechinc
  • 4
  • 3
  • 3
  • +3
13 Comments
 
LVL 6

Expert Comment

by:mickfinley
ID: 24852137
Vlans would be the best way to do this.  Are your present switches capable of VLANS?

0
 
LVL 6

Accepted Solution

by:
KevinCovert earned 250 total points
ID: 24852162
I honestly doesnt matter what IP subnet you use just as long as you stick with the private ranges.  I use a mix of 192.168.x.x 172.20.x.x and 10.x.x.x for ease of recognition.  the router you get you'll want it to be able to support both LANs, it will need to support VLANS, which would then mean your switches will need to support VLANS.

Once you get the hang of it, VLANs are really simple.  

Id check on the sonicwall TZ line, not sure if they are up to the task you are after.

KMC
0
 
LVL 25

Assisted Solution

by:Ron M
Ron M earned 250 total points
ID: 24852335
It really depends on the existing equipment you have... you may not even need a new router if you have a higher end ...managed switch.

As Keving pointed out, it really doesn't matter what you choose for IP range.

See attached... this is basically what you are talking about doing.



subnets.bmp
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24852529
xuserx2000, wouldn't you create a double NAT'd environment for the 192.168.2.1 subnet?

I've ran into issues with that.

Here was what I was thinking:


7-14-2009-11-21-07-AM.png
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24852552
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24852590
I've done this both ways....
VLAN is the best way though.  Not because of nat, but because of increased potential for bottlenecking.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:dynamictechinc
ID: 24853188
Thanks for the replies!  I've been researching the topic for vlans and loving the concept.  To answer the question thrown back at me, all of our switches are simple unmanaged, BUT recently we bought some production machine that came with a couple of Cisco managed switches and remember the contractor telling me about port assignments on them but he didnt know how to set it up.  I have a call in to him right now to find out if these are layer 3 switches.  As I move forward with vlans, I am thinking VLAN1 for production and their servers and VLAN2 for office and their server.  Keep in mind I still need some users in VLAN2 to access data on a VLAN1 server, and the way I understand it a layer 3 switch will allow me to set this up.  Is that right or do I do it thru the router?  If so, how difficult is it through the switch to setup, or the router?
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24853229
It is a pretty easy process, you'll want to do all routing on the firewall in your size environment.

What model # switches do you have most cisco are capable.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24853238
If it's a cisco switch, ...there are a mountain of examples out there.
Can you tell us the model of the switch ?
0
 
LVL 5

Expert Comment

by:yashinchalad
ID: 24868236
yes, i agree with experts here...

one option is segmentation
you split your current n/w to 2 subnets ie 192.168.0.0/24 to

1. 192.168.0.0/25 ie you get hosts with 192.168.0.1 - 192.168.0.126 and subnet mask 255.255.255.128
2. 192.168.0.128/25 - hosts 192.168.0.129 - 192.168.0.254 and subnet mask 255.255.255.128

further down you mentioned that you have some new cisco boxes, anyways. its easy to configure VLAN and then add VLAN filter to control inter-VLAN communications...

let us all know, eager to help you.


0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24868615
Hi,

If you buy CISCO asa you able to make L2 firewall

Please refer this page:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

0
 

Author Comment

by:dynamictechinc
ID: 24925343
I am working to get you guys the model numbers of all the switches that will be used so bare with me, just trying to put out other fires the last few days.  Thanks to everyone for replying.  I will supply the information soon I hope.
0
 

Author Comment

by:dynamictechinc
ID: 25224035
update: We have installed the new router (Cisco 2821), as well as a new switch (Cisco 2960G).  I've decided to go the VLAN route and now in the process of mapping out the plan.  Still not sure how to configure the router to handle the inter-vlan communication, but i'm sure i can find all sorts of docs to figure it out.  Thanks to everyone that replied!
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
VLAN question 7 46
Command "logging persistent size .... " 6 28
Nexus OS - OSPF Command 3 33
Cisco ASA5508-X vs Barracuda X200 2 32
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now