rvdsabu4life
asked on
Need Help with Poorly Designed Network Splitting
Please bear with me. I am a server guy, not a network guy. We do not have the funds to have a Cisco Engineer to help us with this.
I inherited this network a few years ago. See the attached drawing as reference.
Basically, whoever designed this network was not thinking ahead. Out of our 2 locations, every device is on the same flat network subnet with ALL static IPs. No DHCP Exists. The two locations are connected with Metro Ethernet. There each have an Adtran Box and a Cisco 1751 router. Everything is on 10.0.0.x subnet. All devices can see each other. Now, we ran into the inevitable; we only have about 20 IP address left to use.
I am desperately trying to lighten the load until we can get an actual engineer in here to assist. My idea was to somehow split the PCs and Printers @ location A off on a different subnet and leaving Location B alone for now. I have had little success doing this.
With the help of people here on EE, I have gotten close, but always end up taking steps backward.
In location A we have about 100 computers and 40 printers. They are all connected with 3 Cisco 2950 switches. All of those us the Sonicwall TZ210 as a gateway to the internet.
Location B has a similar setup. However, many of the devices use the 3COM router in location A as their gateway. I have never understood that. The rest use a separate Comcast connection on a 3COM router in location B.
Here is where my network ignorance comes in. I tried subnetting using the X2 port on the Sonicwall and a new 2960 switch. I always end up with the same results. The computer on the second subnet can only see devices with the Sonicwall as a Gateway and not other gateways.
Taking advice from fellow EE experts, I tried attaching the 3COM in Location A using subnet B as its WAN interface. When that was in place, everyone using the 3COM could see everyone else, except people on subnet 2. When they would ping any other computers, they would just receive the IP address of the 3COM.
I am just stuck at why, the way it is, everyone can see each other regardless of gateway but NOT when I add a seperate VLAN. Then that VLAN can only see people on its subnet.
I will take any advice I can get on this as my jobs depends on it.
Thanks content.pdf
I inherited this network a few years ago. See the attached drawing as reference.
Basically, whoever designed this network was not thinking ahead. Out of our 2 locations, every device is on the same flat network subnet with ALL static IPs. No DHCP Exists. The two locations are connected with Metro Ethernet. There each have an Adtran Box and a Cisco 1751 router. Everything is on 10.0.0.x subnet. All devices can see each other. Now, we ran into the inevitable; we only have about 20 IP address left to use.
I am desperately trying to lighten the load until we can get an actual engineer in here to assist. My idea was to somehow split the PCs and Printers @ location A off on a different subnet and leaving Location B alone for now. I have had little success doing this.
With the help of people here on EE, I have gotten close, but always end up taking steps backward.
In location A we have about 100 computers and 40 printers. They are all connected with 3 Cisco 2950 switches. All of those us the Sonicwall TZ210 as a gateway to the internet.
Location B has a similar setup. However, many of the devices use the 3COM router in location A as their gateway. I have never understood that. The rest use a separate Comcast connection on a 3COM router in location B.
Here is where my network ignorance comes in. I tried subnetting using the X2 port on the Sonicwall and a new 2960 switch. I always end up with the same results. The computer on the second subnet can only see devices with the Sonicwall as a Gateway and not other gateways.
Taking advice from fellow EE experts, I tried attaching the 3COM in Location A using subnet B as its WAN interface. When that was in place, everyone using the 3COM could see everyone else, except people on subnet 2. When they would ping any other computers, they would just receive the IP address of the 3COM.
I am just stuck at why, the way it is, everyone can see each other regardless of gateway but NOT when I add a seperate VLAN. Then that VLAN can only see people on its subnet.
I will take any advice I can get on this as my jobs depends on it.
Thanks content.pdf
As far as I can see, you're going to run into a problem in that the 2950s and 2960 are L2 switches. You will need a device to do routing between subnets, unless you simply expand the subnet you're using with a larger mask.
Agreed. The 1751's will do it but you will need to have access to them. You may have to get the Metro Eth guys to help you. Not sure who set that link up for you.
The larger subnet mask would be the easiest way to go. Then you can just straighten out which router you want to be the gateway at each site. For the most part I would assume you would want the router at each site to be those PC's gateway. That is easy to change. You will have to forget about DHCP with that plan though.
ASKER
Thanks for the responses. I know its a complex job! I have been doing a lot of reading up on routing and switches.
Any idea how everything can see each other now, but when I add a second subnet on the Sonicwall, I can only see the Sonicwall traffic. That would make sense to me if It didn't work like that already
Any idea how everything can see each other now, but when I add a second subnet on the Sonicwall, I can only see the Sonicwall traffic. That would make sense to me if It didn't work like that already
ASKER
And yes I have access to all the equpiment
>Now, we ran into the inevitable; we only have about 20 IP address left to use.
If all your hosts are in the same lan, the quickest way to solve your issue is to assign secondary addresses on the interfaces of the host and servers. Note, this is just a temporary fix and you should redesign the network at somepoint in the future. you would use 10.0.1.0/24. If all your devices are in fact on the same broadcast domain, ARP will function and things will work, assuming network utilziation does not take over and crimple your network, but you should be fine for an additional 100 hosts with the assumption that you would monitor the network.
If all your hosts are in the same lan, the quickest way to solve your issue is to assign secondary addresses on the interfaces of the host and servers. Note, this is just a temporary fix and you should redesign the network at somepoint in the future. you would use 10.0.1.0/24. If all your devices are in fact on the same broadcast domain, ARP will function and things will work, assuming network utilziation does not take over and crimple your network, but you should be fine for an additional 100 hosts with the assumption that you would monitor the network.
ASKER
@Encrypted1024
The more I think about this, I am thinking the MertoE guys may be able to help out here.
The more I think about this, I am thinking the MertoE guys may be able to help out here.
ASKER
Actually, what are everyone's thoughts configuring 'router on a stick' on the Cisco 1721?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If I was to reconstruct the network from scratch, I might do something like this:
- Get rid of the 3com's and sonic wall.
- Make sure you have 3 interfaces in the Cisco's
- Connect one interface to Metro, one to internet, one to LAN.
- Make the cisco the default gateway at each site
- Set a static route between sites over the Metro
- Use IOS firewall on router
- Turn on DHCP with conflict detection at each site
- Swap all desktops to DHCP, leave servers and printer static.
This reduces more than half of the equipment, and utilizes the best stuff you have. Simple, cheap and effective. Any Cisco tech could do this in a couple of hours.
- Get rid of the 3com's and sonic wall.
- Make sure you have 3 interfaces in the Cisco's
- Connect one interface to Metro, one to internet, one to LAN.
- Make the cisco the default gateway at each site
- Set a static route between sites over the Metro
- Use IOS firewall on router
- Turn on DHCP with conflict detection at each site
- Swap all desktops to DHCP, leave servers and printer static.
This reduces more than half of the equipment, and utilizes the best stuff you have. Simple, cheap and effective. Any Cisco tech could do this in a couple of hours.
kdearings suggestion would work equally well. We were posting at the same time.
ASKER
@kdearing
That idea seems like it would work! I am going to call the MetroE people today and see if they can help/how much they charge
That idea seems like it would work! I am going to call the MetroE people today and see if they can help/how much they charge
ASKER
@kdearing solution will work.
I was able to speak with the metroE people, described what I wanted to do and they agreed it will work.
I was able to speak with the metroE people, described what I wanted to do and they agreed it will work.
So, first questions are, how does the traffic flow? How do you want it to flow? I see 5 routers there. A 3com at each site and a Sonic Wall plus 2 Ciscos. I am thinking that it was originally setup to route some traffic through the Sonic wall to take advantage of its content filter. Then traffic that didn't need content filtering would go through the 3coms or something like that.
This is a fairly complex job, and will require you to understand routing and you may need to reconfigure those Cisco routers to make it work properly.
You will need to divide the network into two subnets, one for each site. Set the 3com (or Sonicwall) at each site as the default gateway and then route beteen the two sites over the metro Ethernet.