Sharoness
Routing problem
I have an office with 2 branches A & B connected with each other via fiber optic cable (2MB/2MB) from 1 switch port in branch A to another port on the switch in branch B (bridge mode). Branch A has a DHCP server that serves branches A & B.
LAN: 192.168.100.0 GW: 192.168.100.1
Branch A has a fortiwifi 60B FW with an internet connection that acts as a gateway for BRANCH A and B. When branch B computers are surfing on the internet they take up all of my fiber optic line (2MB/2MB).
I am buying a new Fortiwifi 80c FW tomorrow and I will replace the fortiwifi 60B FW with the 80C one and put the Fortiwifi 60B FW in branch B for internet access for branch B users only, this way I can free my fiber optic line.
How can I configure on branch A the DHCP server to give out to branch B computers to have access to branch A computers but with access to the internet via branch B Fortiwifi 60B FW?
Please help!
Normally you would have to create 2 separate subnets, one for Branch A and one for Branch B. Then in the DHCP server you create 2 different scopes. For this to work, you do need to have a router on both sides or a routing switch (L3 switch). What type of switches are present in the Branch offices?
ASKER
I have a Layer 2 switch on both sides and I would like to keep the same subnet on both sides if possible. But what is the best way for me to make this work? I have no problem buying layer 3 switches. Is it a better solution than a script?
ASKER
PS: do I need 2 layer 3 switches on both sides?
How many users do you have at each site?
- You need a layer 3 switch on each site
- Having separate subnets is in general a better solution, because it also prevents broadcast traffic from crossing the WAN, however as it requires (a little) more configuration and L3 equipment there is extra work and money involved. As Simon says, it is important to know how many users there are on each side, to judge if it is worthwhile.
- As you have only 2Mbit of bandwidth over the WAN, instead of buying a L3 switch, you can also get a cheap low-end (old model) router. This would be to save money, but it may be more configuration work.
ASKER
In Branch B I have 5 PCs only.
ok, don't bother and go for the script solution as suggested by Simon
I was going to say if you only have a small number of users then a L3 switch is most probably overkill. I agree that a L3 switch would be better for performance in terms of keeping down broadcasts etc., but you would potentially have to change the way networking is working (like WINS if you've got old stuff etc.).
For just 5 PCs you could even have static IP addresses, and set the IP, default gateway, DNS etc. Remember if you have active directory server DNS still needs to point at your main windows DC.
The downside is if people switch between offices and take their PCs with them, as you will have to make manual changes every time. A L3 switch would make it all automatic.
ASKER
OK, I agree that the script is a much simpler step, and also my 5 users are always on the move, they go in and out of Branch B, so I can't use a fixed IP.
But let's say that I would use the Layer 3 switch, I would have to create 2 VLANs, right?
Hi, couple of points ..
1. Even with a script you'll have to move users around in active directory, otherwise how will the script realise the users are in site B rather than site A.
2. With the L3 switches you would normally create 2 VLANs. You could get away with just 1 L3 switch, but you'd lose the benefit of keeping down broadcasts etc.; however, with 5 users that isn't really a problem. I've done it with HP switches before: you create the 2nd VLAN, give it an IP address (default gateway for the new VLAN), and enable routing between the 2 VLANs. You would also need to then either set up the Fortinet at site B as a DHCP server, or create an additional DHCP scope at your main site and enable DHCP relay on the L3 switch.
You may be able to use the DMZ port on the fortinet to somehow link the 2 sites together and have 2 separate subnets.
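The two-scope and DHCP relay arrangement discussed in this thread, modelled as an added example (not code from any poster): it shows how a single DHCP server chooses the scope, and therefore the default gateway it hands out, from the relay agent address. Only 192.168.100.0/24 and gateway 192.168.100.1 come from the thread; the 192.168.101.0/24 subnet, the server address and the relay address are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Scope:
    name: str
    network: ipaddress.IPv4Network
    router: ipaddress.IPv4Address        # DHCP option 3 (default gateway)
    first: int                           # host offset of the first lease
    leased: dict = field(default_factory=dict)   # MAC -> leased address

# Constructed addressing plan; only the branch A subnet and gateway are
# taken from the thread, the rest is assumed for illustration.
SCOPES = [
    Scope("branch-a", ipaddress.ip_network("192.168.100.0/24"),
          ipaddress.ip_address("192.168.100.1"), 50),
    Scope("branch-b", ipaddress.ip_network("192.168.101.0/24"),
          ipaddress.ip_address("192.168.101.1"), 50),
]
SERVER_IP = ipaddress.ip_address("192.168.100.10")   # assumed DHCP server

def select_scope(giaddr: str) -> Scope:
    """Pick the scope the way a DHCP server does (RFC 2131): by the relay
    agent address if one is set, else by the subnet of the interface the
    broadcast arrived on."""
    relay = ipaddress.ip_address(giaddr)
    key = SERVER_IP if int(relay) == 0 else relay
    for scope in SCOPES:
        if key in scope.network:
            return scope
    raise LookupError(f"no scope configured for relay {giaddr}")

def offer(mac: str, giaddr: str = "0.0.0.0") -> dict:
    """Return the lease a client would be offered: address and router."""
    scope = select_scope(giaddr)
    if mac not in scope.leased:          # same MAC keeps the same lease
        scope.leased[mac] = (scope.network.network_address
                             + scope.first + len(scope.leased))
    return {"scope": scope.name, "ip": str(scope.leased[mac]),
            "router": str(scope.router)}

if __name__ == "__main__":
    # Bridged L2 link: a branch B broadcast reaches the server unrelayed,
    # so it is indistinguishable from branch A and gets the A gateway.
    print(offer("aa:aa:aa:00:00:01"))
    # Routed link: the branch B VLAN interface relays and stamps giaddr.
    print(offer("bb:bb:bb:00:00:01", giaddr="192.168.101.1"))
```

With the flat bridged subnet the server has nothing to tell the sites apart, which is why a different gateway for branch B needs either a second subnet with relay or per-client configuration.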