Sharoness

Routing problem

I have an office with 2 branches A & B connected with each other via fiber optic cable (2MB/2MB) from 1 switch port in branch A to another port on the switch in branch B (bridge mode). Branch A has a DHCP server that serves branches A & B.
LAN: 192.168.100.0 GW: 192.168.100.1
Branch A has a fortiwifi 60B FW with an internet connection that acts as a gateway for BRANCH A and B. When branch B computers are surfing on the internet they take up all of my fiber optic line (2MB/2MB).
I am buying a new Fortiwifi 80c FW tomorrow and I will replace the fortiwifi 60B FW with the 80C one and put the Fortiwifi 60B FW in branch B for internet access for branch B users only, this way I can free my fiber optic line.
How can I configure on branch A the DHCP server to give out to branch B computers to have access to branch A computers but with access to the internet via branch B Fortiwifi 60B FW?
Please help!
joelvp

Normally you would have to create 2 separate subnets, one for Branch A and one for Branch B. Then in the DHCP server you create 2 different scopes. For this to work, you do need to have a router on both sides or a routing switch (L3 switch). What type of switches are present in the Branch offices?
ASKER CERTIFIED SOLUTION
simon_m_
Sharoness

ASKER

I have a Layer 2 switch on both sides and I would like to keep the same subnet on both sides if possible. But what is the best way for me to make this work? I have no problem buying layer 3 switches. Is it a better solution than a script?
PS: Do I need 2 layer 3 switches on both sides?

How many users do you have at each site?

- You need a layer 3 switch on each site
- Having separate subnets is in general a better solution, because it also prevents broadcast traffic from crossing the WAN. However, as it requires (a little) more configuration and L3 equipment, there is extra work and money involved. As Simon says, it is important to know how many users there are on each side, to judge if it is worthwhile.
- As you have only 2Mbit of bandwidth over the WAN, instead of buying a L3 switch, you can also get a cheap low-end (old model) router. This would be to save money, but it may be more configuration work

In Branch B I have 5 PCs only.

OK, don't bother and go for the script solution as suggested by Simon.

I was going to say if you only have a small number of users then a L3 switch is most probably overkill. I agree that L3 switch would be better for performance in terms of keeping down broadcasts etc, but you would have to potentially change the way networking is working (like WINS if you've got old stuff etc).

For just 5 PCs you could even have static IP addresses, and set the IP, default gateway, DNS etc. Remember if you have an Active Directory server, DNS still needs to point at your main Windows DC.

The downside is if people switch between offices and take their PCs with them, as you will have to make manual changes every time. A L3 switch would make it all automatic.

OK, I agree that the script is a much simpler step, and also my 5 users are always on the move, they go in and out of Branch B, so I can't use a fixed IP.

But let's say that I would use the Layer 3 switch, I would have to create 2 VLANs, right?

Hi, couple of points...

1. Even with a script you'll have to move users around in Active Directory, otherwise how will the script realise the users are in site B rather than site A?

2. With the L3 switches you would normally create 2 VLANs. You could get away with just 1 L3 switch, but you'd lose the benefit of keeping down broadcasts etc, however with 5 users that isn't really a problem. I've done it with HP switches before: you create the 2nd VLAN, give it an IP address (default gateway for the new VLAN), and enable routing between the 2 VLANs. You would also need to then either set up the Fortinet at site B as a DHCP server, or create an additional DHCP scope at your main site, and enable DHCP relay on the L3 switch.

You may be able to use the DMZ port on the fortinet to somehow link the 2 sites together and have 2 separate subnets.
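
The option in the last reply (an additional DHCP scope at the main site plus DHCP relay on the L3 switch) works because the server chooses the scope from the relay address (giaddr) that the switch writes into the forwarded request. The sketch below is an added example, not part of the thread and not any DHCP server's own code; the Branch B subnet 192.168.101.0/24, the lease pools and the server address 192.168.100.10 are constructed values.

```python
import ipaddress as ip
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    name: str
    network: ip.IPv4Network
    router: ip.IPv4Address   # DHCP option 3 (default gateway) handed to clients
    first: ip.IPv4Address    # start of the lease pool
    last: ip.IPv4Address     # end of the lease pool

def scope(name, net, router, first, last):
    return Scope(name, ip.ip_network(net), ip.ip_address(router),
                 ip.ip_address(first), ip.ip_address(last))

# Branch A network and gateway are from the question; Branch B values are constructed.
SCOPES = [
    scope("branch-a", "192.168.100.0/24", "192.168.100.1", "192.168.100.50", "192.168.100.199"),
    scope("branch-b", "192.168.101.0/24", "192.168.101.1", "192.168.101.50", "192.168.101.99"),
]
SERVER_IP = ip.ip_address("192.168.100.10")  # constructed DHCP server address

def check_scopes(scopes):
    """Return plan errors: router or pool outside its subnet, overlapping subnets."""
    errors = []
    for i, s in enumerate(scopes):
        if s.router not in s.network:
            errors.append(f"{s.name}: router outside subnet")
        if s.first not in s.network or s.last not in s.network or s.first > s.last:
            errors.append(f"{s.name}: bad pool")
        errors += [f"{s.name} overlaps {o.name}"
                   for o in scopes[i + 1:] if s.network.overlaps(o.network)]
    return errors

def select_scope(giaddr, scopes=SCOPES, server_ip=SERVER_IP):
    """Pick the scope by giaddr if the request was relayed, else by the server's own subnet."""
    key = ip.ip_address(giaddr)
    if key.is_unspecified:   # giaddr 0.0.0.0: client is on the server's own LAN
        key = server_ip
    return next((s for s in scopes if key in s.network), None)

def offer(giaddr, leased=()):
    """Return (address, router) for the first free pool address, or None."""
    s = select_scope(giaddr)
    if s is None:
        return None          # relay address matches no scope: the server stays silent
    taken = {ip.ip_address(a) for a in leased} | {s.router}
    for n in range(int(s.first), int(s.last) + 1):
        if ip.ip_address(n) not in taken:
            return str(ip.ip_address(n)), str(s.router)
    return None
```

A relayed request whose giaddr matches no scope gets no offer at all, which is the usual symptom when relay is enabled on the switch but the second scope was never created.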