  • Status: Solved
  • Priority: Medium
  • Security: Public

Subnet Routing

Hello,

I have a network with 8 wired subnets. Each subnet must have access to the ISP router. How do I set up the routers to achieve this?
Asked by keyboard53
 
Miftaul commented:
Add all the subnets in the source-list ACL, and NAT at the edge router.

All subnets can reach the ISP gateway.

Do you want the ISP router to see all your subnets?
 
Kwoof commented:
If you don't have access to change info on the ISP router, then put a router in place between the ISP router and your switch to the subnets. Most business routers have the ability to add multiple LAN addresses. Set one address for each of the subnets and set those as the gateway on the subnet computers.
 
keyboard53 (Author) commented:
Subnet routing is new to me, so I'm still a bit confused. If I have 8 subnets, do I need 8 routers? Regarding the subnets, I'm trying to isolate them from one another, but I still want to give all subnets access to the Internet. Do the subnets need to see the ISP router in this case?
Miftaul commented:
No, you don't need separate routers for each subnet. You only need subinterfaces configured on the router interface connecting to the switch.

Create an ACL with all those subnets and configure a NAT rule using that ACL.

To isolate the subnets from each other, you can create other ACLs and apply them to the subinterfaces.
 
keyboard53 (Author) commented:
So if each subnet has its own switch, do I connect the switches together, and then have the edge router connected to the switch in the wiring closet with the demarc?
 
Miftaul commented:
Each subnet can be in a single switch, or multiple subnets can be in a single switch using VLANs.

The smartest way is to make VLANs within the switch and assign different switchports to different VLANs. Then configure the port connecting to the router as a trunk.

On the router port connecting to the switch, create subinterfaces for each VLAN. This subinterface IP is the default gateway address for clients in the different VLANs.

Connect another port of the router towards the ISP router.

Please tell me what equipment you are using so I can give you more specific configurations.
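The design described in the two answers above (one VLAN and subnet per department, router subinterfaces as the gateways, a NAT source-list ACL, and a per-subinterface ACL for isolation), modelled as an added example. This is not code from the original thread or from any participant. It assumes Cisco IOS-style ACL semantics (first match wins, implicit deny at the end), a constructed 10.10.<vlan>.0/24 address plan, and hypothetical interface names and ACL numbers; the rendered configuration is in assumed IOS syntax and is not a tested device configuration.

```python
"""
Model of a router-on-a-stick design with per-department isolation.

Added example, not from the original thread. Assumptions: IOS-style ACL
evaluation (first match wins, implicit trailing deny), a constructed
10.10.<vlan>.0/24 plan, hypothetical interface names and ACL numbers.
"""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed plan: 8 departments, VLAN IDs 10..80, one /24 per VLAN.
VLANS = {vid: ipaddress.ip_network(f"10.10.{vid}.0/24") for vid in range(10, 90, 10)}


def gateway(net):
    """First usable address: the router subinterface IP, i.e. the clients' default gateway."""
    return next(net.hosts())


def plan_is_consistent(vlans=VLANS):
    """One subnet per VLAN, and no two subnets overlap."""
    nets = list(vlans.values())
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def isolation_acl(vid, vlans=VLANS):
    """Rules applied inbound on VLAN `vid`'s subinterface, as (action, src, dst).

    Order matters: deny every *other* internal subnet first, then permit the
    VLAN's own subnet to anything else (the Internet). Because the final permit
    only covers the VLAN's own subnet, a spoofed source address falls through
    to the implicit deny.
    """
    own = vlans[vid]
    rules = [("deny", own, other) for v, other in vlans.items() if v != vid]
    rules.append(("permit", own, ANY))
    return rules


def nat_source_list(vlans=VLANS):
    """The NAT 'source list': permit every internal subnet to be translated."""
    return [("permit", net, ANY) for net in vlans.values()]


def acl_match(rules, src, dst):
    """First-match evaluation with an implicit trailing deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net in rules:
        if src in s_net and dst in d_net:
            return action
    return "deny"


def to_ios(vlans=VLANS, lan_if="GigabitEthernet0/0", wan_if="GigabitEthernet0/1"):
    """Render the plan as IOS-style configuration lines (assumed syntax)."""
    lines = []
    for vid, net in vlans.items():
        acl = 100 + vid  # hypothetical extended-ACL number per VLAN
        lines += [f"interface {lan_if}.{vid}",
                  f" encapsulation dot1Q {vid}",
                  f" ip address {gateway(net)} {net.netmask}",
                  f" ip access-group {acl} in",
                  " ip nat inside"]
        for action, s, d in isolation_acl(vid, vlans):
            dst = "any" if d == ANY else f"{d.network_address} {d.hostmask}"
            lines.append(f"access-list {acl} {action} ip {s.network_address} {s.hostmask} {dst}")
    for _, s, _ in nat_source_list(vlans):
        lines.append(f"access-list 1 permit {s.network_address} {s.hostmask}")
    lines += [f"interface {wan_if}", " ip nat outside",
              f"ip nat inside source list 1 interface {wan_if} overload"]
    return lines


if __name__ == "__main__":
    print("\n".join(to_ios()))
    acl10 = isolation_acl(10)
    print(acl_match(acl10, "10.10.10.5", "10.10.20.5"))   # deny: another department
    print(acl_match(acl10, "10.10.10.5", "203.0.113.9"))  # permit: Internet
    print(acl_match(list(reversed(acl10)), "10.10.10.5", "10.10.20.5"))  # permit: wrong order
```

The last line of the usage block is the check a practitioner wants: with the permit-to-any rule placed first, the department-to-department denies are never reached and the isolation silently disappears, even though every rule is still present.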
 
keyboard53 (Author) commented:
I have several departments whose network access must be kept separate from each other for security reasons, but each department needs Internet access. There are over 200 hosts, i.e. workstations and printers, within the 8 subnets. It seems to me that in order to do what you suggest, I would need a centrally located switch pool, i.e. multiple switches connected together to get the required number of host network connections. Also, what do you mean by "Connect another port of the router towards the ISP router"? Which router? I thought routers had only two ports, one facing the subnet and the other connecting to another subnet.
 
Miftaul commented:
Your network might look something like the diagram below.
(Diagram)
We can then use ACLs or VLAN access-maps to isolate them from each other.

If your switches support Private VLANs, that could also be a smarter possibility.
 
Kwoof commented:
Some routers also have a switch built in as well. Are your computers on static IPs, or do they use DHCP? There are many ways you could set up this network with simple switches and routers, or, with more expensive switches, you can set up VLANs.

You could set up a "tree" where each department has its own network: they connect to a department switch that goes to a router that is connected to the ISP router (through a switch connected to the ISP router as needed to support 8 connections). This would allow each department router to handle its own DHCP and keep complete isolation.

Or, if there is some need for potential sharing of some resources, a main router can be set up connected to the ISP router for the Internet and connected to switch(es) to connect to all the other computers. This main router would be configured to have multiple LAN addresses to allow access from each of the subnets. Then you need to make sure the workstations are configured with static IPs to make sure they are on their own subnet, or use DHCP scopes and lease reservations to make sure they are assigned an IP address on the correct subnet.

Make sure to document the network architecture and establish procedures for your IT staff to make sure computer/equipment additions and removals are handled properly.

Will they be accessing any common resources like an Exchange server, SQL server, etc.? Make sure to configure a zone for those resources.
 
keyboard53 (Author) commented:
I'm beginning to see what is possible. The last suggestions and diagrams were very helpful.

However, could I have "department" switches (instead of hubs) connected to a "sub-root" switch on the first floor and other "department" switches connected to a "sub-root" switch on the second floor, with these "sub-root" switches connected to a backbone (main root) switch that is connected to a router for Internet access? If that would work, how would I set up the VLANs such that computers on different floors would be part of the same VLAN?

Finally, would subnets need to be involved in this scenario?
 
keyboard53 (Author) commented:
It's been some time since I've received a response to my last questions, so I'm assuming they have already been answered. If this is so, please respond and I will distribute the points.
 
Miftaul commented:
You connect each department's switches together on each floor. Connect one of the switches from the floor to the central switch. It would be better if you connect multiple cables bundled together to the core switch; that way you get aggregated bandwidth and also redundancy. The core can then connect to the Internet-facing router.

Create different VLANs for the different departments. You need to create the VLANs on all the switches. On the trunk link between the switches, you can manually define which of your created VLANs to allow. This way all the switches are aware of the presence of the VLANs. Now you need to configure each port connecting to the hosts into its respective VLAN. No matter where a host is connected, as long as they are in the same VLAN, the communication is allowed.

A VLAN typically contains a single subnet. So for each VLAN, you need to have a different subnet. If you need inter-VLAN communication, you can configure that on the core switch.
 
Kwoof commented:
Yes, you can hook up the switches as you suggest. I almost always have a main switch on each floor, then connect those floor switches to the main switch in the IT room. It simplifies the cabling. You would still establish a subnet for each department if you want to keep them logically separated.