Network reconfiguration

Tags: Network Configuration, Subnets, VPN, VPN configuration
I am changing our network from a flat network (LANSPAN) to a network with subnets and VPNs. Currently there is just one router at a central location that the other 7 schools point back to for Internet access. The 7 locations all make up one domain that link back to this central location. What is the process to go about subnetting and setting up VLANs in this network redesign? Each school will have a router installed with newly added fibre. The new subnet mask will be 255.255.255.224 with 8 subnets and 30 hosts/subnet. DHCP is currently set up only on the primary domain controller at the central site. I need to preserve the existing domain environment with communication among all schools. I assume I will have to set up a separate DHCP scope at each school now. How do I set up the network so that the different subnets can still talk and communicate with each other, thus preserving the domain environment that is currently in place?

Answer Wiki

To make sure all subnets can communicate with each other, you need to set up routing at each gateway, which will be your new routers. Static routes will work, but with 8 nodes in a full mesh it is better that you set up a spanning tree algorithm like EIGRP or RIP.

Cisco's DHCP Helper can help you reduce the number of DHCP servers you need, but to simplify things, you should set up a separate DHCP server at each site. That will also make each site more independent in case the WAN connection fails.

Example DHCP scheme:
Site A
Scope 192.168.0.2 – 192.168.0.30
Gateway 192.168.0.1
DNS <DC IP Address>

Site B
Scope 192.168.0.34 – 192.168.0.62
Gateway 192.168.0.33
DNS <DC IP Address> (Same as Site A)

Example Static IP Route:
Site A to Site B
IP Route 192.168.0.32 255.255.255.224 192.168.0.33(OR name of Network Interface)

Site B to Site A
IP Route 192.168.0.0 255.255.255.224 192.168.0.1(OR name of Network Interface)

This is a light overview of what needs to be done, so post any questions in the discussion section.
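
The addressing scheme above, worked through for all 8 sites as an added example (not part of the original answer). It assumes the 192.168.0.0/24 block from the answer's sample, site names A to H, and a `<next-hop>` placeholder because the page gives no WAN link addressing; it also counts the static routes a full mesh of 8 sites needs.

```python
import ipaddress

def site_plan(supernet="192.168.0.0/24", prefix=27, sites="ABCDEFGH"):
    """Split the supernet into one /27 per site. The first host is the
    gateway and the remaining hosts form the DHCP scope, as in the answer."""
    plan = {}
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    for name, net in zip(sites, subnets):
        hosts = list(net.hosts())
        plan[name] = {
            "network": net,
            "mask": str(net.netmask),
            "gateway": str(hosts[0]),
            "scope": (str(hosts[1]), str(hosts[-1])),
        }
    return plan

def static_routes(plan, next_hops=None):
    """Build the static routes each site router needs to reach every other
    site. next_hops[(src, dst)] is a hypothetical map of far-end WAN
    addresses; missing entries are left as a placeholder."""
    next_hops = next_hops or {}
    routes = {}
    for src in plan:
        routes[src] = [
            "ip route {} {} {}".format(
                plan[dst]["network"].network_address,
                plan[dst]["mask"],
                next_hops.get((src, dst), "<next-hop>"),
            )
            for dst in plan if dst != src
        ]
    return routes

if __name__ == "__main__":
    plan = site_plan()
    for name, p in plan.items():
        print(f"Site {name}: {p['network']}  gw {p['gateway']}  "
              f"scope {p['scope'][0]} - {p['scope'][1]}")
    routes = static_routes(plan)
    print("\n".join(routes["A"]))
    print(sum(len(r) for r in routes.values()), "static routes in total")
```
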

Discuss This Question: 3  Replies

 
  • Skenny
    As an example: School A has a subnet name of 10.194.142.0/24 and an IP sorting string of 10.194.142.000/24. School A also has a subnet name of 10.194.143.0/24 and an IP sorting string of 10.194.143.000/24 (Data Network - Lanspan IP). This same school A has a subnet name/IP sorting string of 10.194.184.192/27 (Transport Subnet - Private - VPN/Lanspan IP). The range of IP addresses is 10.194.184.193 through to 10.194.184.222. This is a similar setup in each school. So, if I understand correctly, school A will have a DHCP scope from 10.194.142.0 to 10.194.143.255 with a 255.0.0.0 subnet mask for DHCP purposes. The router's IP address is 10.194.184.222 (which is the gateway). As you had indicated, the DNS setting on each computer would point back to the DC's IP address. Is this correct? Three of the seven schools have fibre connections from the past. There is no router at these schools. How can these three schools participate in this setup? Will I need a layer 3 switch in these environments so that these Lanspan circuits can point to the headend? Thank you for your assistance. It is very much appreciated.
  • CRagsdale32
    If cost is an issue, you can set up 7 layer 3 switches to do everything mentioned in this thread so far, except the DHCP service, but if you use a DHCP server (service on a server) at each location this won't present any issues. You can still set up static routing between each location, mesh topology for connection redundancy etc. Mshen has outlined pretty much exactly what you need for each location IP-wise and routing-wise. The security (ACLs, port security etc.) is up to you and your team on how you want it laid out. With 7 layer 3 switches you can VLAN the entire network with relative ease also. Just be sure you use the router-on-a-stick method to transport back to the central router. Check out Cisco.com and browse through some of their tech support pages for more info on setting up your network this way.
  • BlankReg
    First thing I would do is decide the subnets for each school. It is easier to give each one the same subnet mask, even if the amount of IT equipment is vastly different. Also, do you need to provide separate networks for students, staff and admin? My guess would be to allocate a /24 subnet to each of these, but also leave space so if one school expands, the subnetting is still contiguous. My guess would be to use a /22 mask for each school, with the first two /24 subnets for students, and the others for staff and admin. Each subnet is a different VLAN. It is useful to break it up like this mainly for security. Also in the future this is not a process you want to repeat, so making this decision now will make changes in the future a lot easier.

    So the subnets are like this (use your own addresses if these are already allocated to the schools, and especially if they host any services themselves):

    School A: Students 10.0.4.0/24 and 10.0.5.0/24, Staff 10.0.6.0/24, Admin 10.0.7.0/24
    School B: Students 10.0.8.0/24 and 10.0.9.0/24, Staff 10.0.10.0/24, Admin 10.0.11.0/24
    and so on.

    On the DHCP server at the central site, create scopes for each subnet. Make sure you exclude the subnet and broadcast address for each of these (the .0 and .255 addresses) and also exclude the address you will use for the layer 3 device on each subnet (for routing to the other subnets).

    On every site you should use a layer 3 switch to route between the subnets, and to the central site. The Cisco Catalyst 3560-8PC is an absolute bargain for this. It has 8 10/100 Mbps interfaces, and an SFP interface that can support fibre. It does all the layer 3 you need, including routing protocols such as EIGRP. The 10/100 is almost certainly fast enough between the subnets on site, and feeding to the central site.

    Then look at how each one connects to the central site, which I presume will still provide the Internet access and some centralised resources. If it is fibre, then that is easy and the layer 3 switch will do the job. If it is a WAN link (Frame Relay or leased line) then you need a router, which you connect between the L3 switch and the WAN service.

    One thing to remember is that you need to configure DHCP relay (or forwarding) to pass the DHCP requests from the end user machine to the DHCP server. It is a simple config, but allows you to have a centralised DHCP service. Configure this on the L3 switches for every VLAN. At the central site I would look at a bigger L3 switch, just because of the number of connections it will need to make. Don't do any router on a stick config, the throughput will suffer terribly, and all you will get is user complaints.

    If your DHCP server sends out the correct addresses for the domain controller, the routing will take care of the rest, and all the schools will communicate. Adopting this approach will give you a good foundation for development of the network. Adding other services, such as VoIP, will be easier if you have already set up a subnetted network, as it is easy to add more VLANs for this purpose. It may look a bit daunting, but if you use a step by step approach, and plan the changes first, then it should all go smoothly. I have done many such networks, and the benefits are well worth the effort. As Mshen said, post any more questions in the discussion and we will try to help further.
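
The /22-per-school layout with per-role /24 VLANs and DHCP exclusions from the reply above, generated as an added example (not code from any poster), together with a scope check run on the DHCP range and gateway quoted in the earlier reply. Assumptions: the L3 switch takes the first host address in each VLAN, and the names `school_plan` and `check_scope` are illustrative.

```python
import ipaddress

ROLES = ("Students-1", "Students-2", "Staff", "Admin")  # VLAN order from the reply

def school_plan(first_block="10.0.4.0/22", schools=("A", "B")):
    """Give each school one contiguous /22 and split it into four /24 VLANs."""
    block = ipaddress.ip_network(first_block)
    plan = {}
    for school in schools:
        vlans = {}
        for role, net in zip(ROLES, block.subnets(new_prefix=24)):
            hosts = list(net.hosts())
            vlans[role] = {
                "subnet": net,
                "gateway": hosts[0],  # assumption: the L3 switch takes the first host
                # Addresses the reply says to keep out of the DHCP scope.
                "exclude": [net.network_address, hosts[0], net.broadcast_address],
                "pool": (hosts[1], hosts[-1]),
            }
        plan[school] = {"summary": block, "vlans": vlans}
        # The next school starts directly after this block, so each site
        # stays reachable through a single /22 route.
        block = ipaddress.ip_network((int(block.broadcast_address) + 1, block.prefixlen))
    return plan

def check_scope(first, last, gateway):
    """Find the smallest IPv4 subnet covering a proposed DHCP range and
    report whether the proposed default gateway is on-link in it."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    prefix = 32 - (lo ^ hi).bit_length()
    net = ipaddress.ip_network((lo, prefix), strict=False)
    return {
        "subnet": net,
        "mask": str(net.netmask),
        "gateway_on_link": ipaddress.ip_address(gateway) in net,
    }

if __name__ == "__main__":
    for school, entry in school_plan().items():
        print(f"School {school}: summary route {entry['summary']}")
        for role, v in entry["vlans"].items():
            print(f"  {role:<10} {v['subnet']}  gw {v['gateway']}  "
                  f"pool {v['pool'][0]}-{v['pool'][1]}")
    # Constructed check using the range and gateway quoted in the earlier reply.
    print(check_scope("10.194.142.0", "10.194.143.255", "10.194.184.222"))
```
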
