Re: Best solution to segment subnets
- From: Vince <Vince@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 10 Feb 2007 12:12:01 -0800
Hi Kurt,
thanks for the quick answer. Sorry, here is more information.
The problem is that the switches are not managed, so they don't support VLANs.
Foundry Networks 2402CF switches are awesome models; I didn't know them. But now
we can't afford this cost.
There are three subnets and I don't know if it's possible to segment them
with the current network layout. I have this:
subnet 1
|
switch
|
[Central Rack]
switch--------------------- subnet 3
ADSL router
Windows Server 2003 2 NICs
[Central Rack]
|
switch
|
subnet 2
The ADSL router is 192.168.0.1; there is no way to manage this router because my ISP
installed it. I think what I want to do is not possible, is it?
I am wondering whether to add RRAS services to my Windows 2003 server (DC) and
segment these 3 subnets. Of course VLANs are the way to go, but that's not possible
nowadays, with no managed switches installed.
Sorry about my English.
Regards,
Vince.
"Kurt" wrote:
Vince wrote:
Hi all,
with this scenario...
Subnet A 192.168.1.0
Subnet B 192.168.2.0
Subnet C 192.168.3.0
Switch
ADSL Router 192.168.0.1
Windows 2003 server 2 NICs (Roles: DC active directory, File sharing
server, mail server)
- NIC 192.168.1.1
- NIC 192.168.0.3
Which is the best practice to segment these networks? Should I set up the RRAS
service on the server too? I need the subnets not to see each other but to have access
to the internet. Could you help me?
Regards.
This is not a real easy problem if your ADSL router will only listen to
192.168.0.0/24. You also haven't told us anything about the physical
layout of your network. If all the computers in each subnet are
connected on their own physical segment (rather than sharing the "wire"
with other subnets), and if their Internet access needs are basic, you
could just put another SOHO NAT router between each subnet and the ADSL
router, i.e.
ADSL ROUTER (192.168.0.1)
/ | \
192.168.0.2 192.168.0.3 192.168.0.4
Router-A Router-B Router-C
192.168.1.1 192.168.2.1 192.168.3.1
If the computers are sharing the same wire, the only real way to
separate them is using VLANs. Each port on a managed layer-2 switch or
multiple connected managed switches is configured for a separate VLAN.
Links between switches are configured to "trunk" all 3 VLANs. Computers
in subnet A are connected to ports configured for VLAN 1, subnet B to
VLAN 2, etc. Then there is no possibility of communication between
VLANs. You would still need the 3 extra routers. Something like this:
ADSL ROUTER (192.168.0.1)
/ | \
192.168.0.2 192.168.0.3 192.168.0.4
Router-A Router-B Router-C
192.168.1.1 192.168.2.1 192.168.3.1
\ | /
\ | /
-------------------------------------
| VLAN 1 VLAN2 VLAN 3 |
| SWITCH #1 |
| VLAN 1 VLAN2 VLAN 3 |
-------------------------------------
/ TRUNK | \
VL-1 Computer | VL-2 Computer VL-3 Computer
192.168.1.x | 192.168.2.x 192.168.3.x
|
TRUNK
-------------------------------------
| |
| SWITCH #2 |
| VLAN 1 VLAN2 VLAN 3 |
-------------------------------------
/ | \
VL-1 Computer VL-2 Computer VL-3 Computer
192.168.1.x 192.168.2.x 192.168.3.x
In this configuration, Computers connected to VLAN 1 ports on either
switch can connect to other computers connected to VLAN 1 ports on
either switch, but cannot connect to computers plugged into VLAN 2 or 3
ports. Check out Foundry Networks 2402CF switches. They're about $850 US
street price. Very capable switches for a fraction of the price of a
similar unit from that other company.
....kurt