kracksmith

join:2004-07-14
Fullerton, CA

running out of IP addresses

We are running out of IP addresses as the company is growing very quickly. That means all 254 addresses will be gone shortly.

what are my options to add more IP addresses to my network so everyone can see each other?

another router having 2 networks and make this router have the 2 networks talk to each other?

super subnetting??

what else can I do to add more nodes to the network when almost all 254 IP addresses are used?
keason
Premium
join:2002-05-02
Ann Arbor, MI
·Sprint Mobile Broa..

Re: running out of IP addresses

Are you speaking of public or private IP addresses?

If public, you can get another block from your ISP.

If you are running out of private addresses, change your subnet mask from 255.255.255.0 to 255.255.0.0 and you'll have 64516 possible addresses.

e.g. if you are on a 10.1.1.0 network
you will be on a 10.1.0.0 network.

There is a point when you'll want to route inside of your network. Trying to diagnose problems can be very difficult with subnets that are too large.
kracksmith

join:2004-07-14
Fullerton, CA

ok if I go from 255.255.255.0 to 255.255.0.0

and i use 192.168.0.1 through 192.168.0.254

now what happens if i used up all 1 through 254 IP addresses?

how does changing the subnet mask like you mention add more ip??

does it mean that by changing my subnet mask to 255.255.0.0 will allow 192.168.0.1 network to talk to 192.168.1.1??

TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia


Changing the subnet mask from 255.255.255.0 to 255.255.0.0 gives you 65280 more IP's to use on your network (65536 in total including your current 256).

255.255.0.0 (or /16) lets you use 192.168.0.0 through to 192.168.255.255 on a single network.

BUT, the next question is, if you are getting this big, why not separate the network into logical groups of computers, i.e. have all of the admin/accounts computers on one subnet/vlan, all of the support computers on another, etc etc.

You do then need a router so that each subnet can access the others.

It is definitely worth looking at and I would highly recommend it!
kracksmith

join:2004-07-14
Fullerton, CA

ok so by changing our subnet mask to 255.255.0.0 i am able to have 65,000 plus nodes on 1 network.

so just to confirm i can have some workstations 192.168.0.10 talk to other workstation 192.168.20.10 right?

we are not getting super big. but we are getting big enough to go through 254 ip numbers.

so basically we need a router if talking to different subnet mask. but we don't need a router if everyone is on subnet mask 255.255.0.0 right?

just curious as to why it's good to separate the network into logical groups of computers by department? security? faster networking?

TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia

Security, yes depending on certain circumstances.

Faster, yes - to an extent.

Consider this scenario:
Sorry about the big post

You break your LAN up into 3 logical groups:

* Administration and accounts
* Tech support and system/network admins
* Managers/board members etc

Admin and accounts may have certain applications on their PC's such as banking, excel spreadsheets with financial information etc.

Tech support and sys/net admins will have their various tools.

Managers etc will have other documents like future company plans, legal documents etc.

Generally you would want to keep this type of information within its respective groups.

Tech support guys don't need to know the financial status of the company, and probably don't need to know anything about the company's legal dealings.

Generally if a manager or board member wants financial information they don't go digging through someone's computer, they will go and ask them for it

By breaking the LAN up into these groups you increase security in that respect.

There's also the fact that if some poor support guy opens an email from a customer which happens to contain a virus which spreads via the network, only the support PC's are going to be infected. If this virus happens to spread itself by mailing itself to everyone in your address book, I'm sure the Boss' business contacts wouldn't be too pleased about getting viruses and spreading it on to their contacts

In regards to speed, let's say this virus goes wacko and decides to hammer every computer trying to propagate itself and spread through email. Only the support network (or one of the others if it happens to be the one infected) will suffer, leaving the admin and accounts people to collect money and ensure bills are paid, and most certainly keep the boss happy.

So while the support network has been infected you only have one group of computers to look after. And in the meantime you can patch the other computers to ensure they don't suffer the same problems.

Depending on the structure of your company you might have more or less logical groups.

Of course, all of this means you either need separate physical switches to break them up, or you need switches which support VLANs. In any case you will need a router so that each network *CAN* get to the others. I say *CAN* because you can still access the others via their IP addresses, however, if you implement some access-lists on the router you can restrict what types of traffic can get through to each LAN.

Servers would need a couple of network cards, depending on how many lans they need to be accessible from.

You could always opt for a DHCP solution to assign IP's, that way when you need to expand you can increase the size of the pool rather than reconfiguring each computer manually.

That's some food for thought. It's not to say you HAVE to do it, it would be a big configuration task, but if you get in early and configure these things before you skyrocket it will make your life easier in the future, or you can quit and leave someone else to do it
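How an access list on the router restricts traffic between the groups described above, as an added example that is not part of the original post: a small Python model of top-down, first-match evaluation with the implicit deny at the end, plus a check for rules that an earlier rule makes unreachable. The subnets, the Remote Desktop exception and the rule set are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
# Assumed addressing for the three groups (not taken from the thread).
ACCOUNTS = "192.168.10.0/24"
SUPPORT = "192.168.20.0/24"
MANAGERS = "192.168.30.0/24"


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule, flow):
    """True if the flow falls inside every field of the rule."""
    return (rule.proto in ("ip", flow.proto)
            and ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, flow.dport))


def evaluate(acl, flow):
    """Top-down, first match wins; anything unmatched hits the implicit deny."""
    for rule in acl:
        if matches(rule, flow):
            return rule.action
    return "deny"


def covers(earlier, later):
    """True if every packet the later rule could match is caught by the earlier one."""
    return (earlier.proto in ("ip", later.proto)
            and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            and earlier.dport in (None, later.dport))


def shadowed(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(acl)
            if any(covers(prev, rule) for prev in acl[:i])]


# Assumed policy, applied inbound on the router interface facing the support LAN.
SUPPORT_IN = [
    Rule("permit", "tcp", SUPPORT, ACCOUNTS, 3389),  # Remote Desktop for fixes
    Rule("deny", "ip", SUPPORT, ACCOUNTS),           # nothing else into accounts
    Rule("deny", "ip", SUPPORT, MANAGERS),           # nothing into managers
    Rule("permit", "ip", SUPPORT, ANY),              # Internet and the rest
]

# Same rules with the broad permit moved to the top: the denies never fire.
MISORDERED = [SUPPORT_IN[3]] + SUPPORT_IN[:3]

# Constructed sample flows.
RDP_FIX = Flow("tcp", "192.168.20.15", "192.168.10.8", 3389)
FILE_SHARE = Flow("tcp", "192.168.20.15", "192.168.10.8", 445)
TO_MANAGERS = Flow("tcp", "192.168.20.15", "192.168.30.4", 445)
DNS_OUT = Flow("udp", "192.168.20.15", "198.51.100.53", 53)
WRONG_SOURCE = Flow("tcp", "192.168.10.99", "192.168.30.4", 445)  # not a support address

if __name__ == "__main__":
    for name, flow in [("rdp fix", RDP_FIX), ("file share", FILE_SHARE),
                       ("to managers", TO_MANAGERS), ("dns out", DNS_OUT),
                       ("wrong source", WRONG_SOURCE)]:
        print(f"{name:13} ordered={evaluate(SUPPORT_IN, flow):6} "
              f"misordered={evaluate(MISORDERED, flow)}")
    print("unreachable rules when misordered:", shadowed(MISORDERED))
```

Because every permit is scoped to the support subnet as source, a packet arriving on that interface with any other source address falls through to the implicit deny.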
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

OK you are hired!

I'm going to go through what you said and explain it to my boss to see if she'll buy it.

right now we have 1 large LAN for production and 1 LAN for Accounting. they don't want to have it on one network for now. unless i can explain what you explained to me.

but within our production LAN we have many departments. instead of having different logical group of subnet mask like you mention which is a security measure to avoid different department accessing other department files. but that is what NTFS permission is for right?

Within the following weeks to come, I'm planning to implement 255.255.0.0 for our production LAN so we can overcome the max 254 IP numbers.

since our production LAN is all hooked up by daisy chain style switches, i should add a router between 2 switches and control the access with ACLs for security (like you mentioned). with this router in place it will be more secure, but will this setup be faster or slower? with this all being switches broadcasting is everywhere but with a router in place information going from 1 segment to another will need to go through another layer, layer 3 instead of just staying at layer 2.

lastly if i implement 255.255.0.0 for everyone in our production LAN. technically i don't need a router right?

so the network only looks at the 1st 2 octets but doesn't care about the last 2 octets which can be anything, right?

TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia

Re: running out of IP addresses

Inter-vlan performance will depend on the router you have stuck in the middle of them.

If it's just a basic Cisco 2611 you won't get a lot of performance, but if you say stick a 7301 (expensive!) in there with gigabit to each LAN you will get a lot better performance.

As the old rule goes, you should aim to keep 80% of each user's traffic local. Therefore the only traffic that should need to leave each LAN would be internet traffic, and anything else that isn't local to the LAN (for example, a network admin might initiate a Remote Desktop session to one of the accounts computers to fix something up).

I've drawn up a quick diagram to show you exactly what I've been talking about. Each of the 3 LANs is a logical group, say for example the 3 I mentioned earlier.

»www.snnap.net/bbr/lans.png

Hope that helps

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online

said by kracksmith:

lastly if i implement 255.255.0.0 for everyone in our production LAN. technically i don't need a router right?

Remember that there is a middle ground between a /24 (255 addresses) and a /16 (65536 addresses). Have you considered a /23 (255.255.254.0) or /22 (255.255.252.0)?

PA23

join:2001-12-12
East Hanover, NJ

be careful changing the netmask for a class C address (102.168.x.x is a class c). Although the cisco router will support classless addressing, your workstations may not.
--
It's the end of the world as we know it, and I feel fine

TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia

Oh yeah, I should have mentioned something like that :)

Continuing on from what sporkme said, there are many different subnet sizes in between /24 and /16.

For example:

CIDR  Subnet Mask      IP Range                       # of IPs
----  ---------------  -----------------------------  --------
/24   255.255.255.0    192.168.0.0 - 192.168.0.255         256
/23   255.255.254.0    192.168.0.0 - 192.168.1.255         512
/22   255.255.252.0    192.168.0.0 - 192.168.3.255        1024
/21   255.255.248.0    192.168.0.0 - 192.168.7.255        2048
/20   255.255.240.0    192.168.0.0 - 192.168.15.255       4096
/19   255.255.224.0    192.168.0.0 - 192.168.31.255       8192
/18   255.255.192.0    192.168.0.0 - 192.168.63.255      16384
/17   255.255.128.0    192.168.0.0 - 192.168.127.255     32768
/16   255.255.0.0      192.168.0.0 - 192.168.255.255     65536
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

thanks guys. that diagram is PERFECT for my presentation.

i think i'm going to do my subnet mask in the 1024 range. i don't believe we will go beyond this anytime soon.

i believe the configuration for the subnet mask I need to make is to the 1600 cisco router which is our gateway to the Internet, NAT (sonic wall) and DHCP (win2k3). clients are all DHCP.

anything else i'm missing?

TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia

A Cisco 1600 won't give you a lot of performance for inter-lan routing, it's only got a 10mbit half duplex interface IIRC.

You say you have a sonic wall box? I would probably look at configuring this with a couple more 100mbit interfaces and using that as your router between lans.

Without really knowing how your network is set up at the moment it's hard to make suggestions on what you should put where, etc.
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

Here is my topology for a better understanding of what we have.

Internet -> 1600 -> sonic -> switch - segment - switch -segment - switch - segment - switch - segment -switch - segment - fiber switch -> fiber switch - segment

all of our switches are non-managed, 100mbps top speed. Fiber switch (1000mbps) is for our segment across the street.

the 1600 cisco is transparent to our LAN. We configured our Sonic to do NAT and mapping IPs from outside to inside.

no VLANs in our network. don't think we are going to go this route either.

since our switches are daisy chained like this does it mean we are broadcasting every time something is requested?

they are planning to add another switch or 2 more, that is why i need more IP addresses.

What can i suggest to them besides adding routers between switches to avoid broadcasting and security?

and exactly where i need to make the subnet mask configuration besides what I said earlier?
lockedout

join:2004-06-02

Re: running out of IP addresses

I'm trying to understand your existing equipment and setup a little better.
What brand switches and how many ports on each switch?
How many switches do you actually have in your current setup?
Are they all located within the same room or closet?

What model sonic wall and how many internal interfaces can you configure it for?

Approx how many PCs are on each of your production and accounting segments?
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

brand of all switches are Dlink. Each switch has 24 ports
We have 6 of these switches, 4 of them next to the server and 2 out in the LAN. Our fiber switch is one of the 4 next to the server that connects directly to a segment across the street.

we don't have a closet just 4 switches like i mention that is next on top of each other which is next to the server.

sonic is a pro 4060. so far we only do nating on it and port forwarding. some logging.

about 25 per segment i believe.

i think we never mind accounting for now. account has another ISP. i know we can put them on a different subnet or even a different port on the firewall but i'll talk to management later about this.

yea. i'm talking about pvt IP and not public.

so let's hear about some suggestions to make our network better without having to purchase expensive equipment. i really like to use what we have but we can purchase a couple of new things to make it better.
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

I'm kinda getting off the subject here.

back to running out of IP addresses.

I'm going to change our entire network of 167 users to 255.255.254.0 this week so we can have 512 ip addresses minus 1st and last of course.

So anything static (printers, certain workstations) I'm going to change the subnet mask to 255.255.254.0

DHCP server will change to 254

NAT (which is our SonicFirewall from public to pvt) to 254

router (our gateway to the Internet) also will change to 254

hmmm, i believe that's it right? anything else I need to change to 254?

This needs to be done as our outside vendor wants to sell us a 10,000.00 USD IP Router. it's not my call but I would say a cheap used cisco 2514 from ebay would do fine.

but instead of a router for now I'm just going to change our subnet mask scheme to 254.
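The mask arithmetic discussed in this thread, together with a check for devices left on the old mask after a change like the one listed in the post above, as an added example that was not posted by any participant. The inventory, device names and 192.168.0.0 addressing are constructed sample values.

```python
import ipaddress


def smallest_prefix(hosts_needed):
    """Longest prefix (smallest subnet) that still has hosts_needed usable addresses."""
    for prefix in range(30, 7, -1):
        # usable = total addresses minus the network and broadcast addresses
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError("too many hosts for a single subnet")


def widen(current_cidr, new_prefix):
    """Network you actually get when the mask on an existing subnet is shortened."""
    return ipaddress.ip_network(current_cidr).supernet(new_prefix=new_prefix)


def on_link(host_ip, host_mask, peer_ip):
    """True if the host, judging by its OWN mask, talks to the peer without a router."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    return ipaddress.ip_address(peer_ip) in iface.network


def audit(inventory, target):
    """Flag statically configured devices that do not fit the new subnet.

    Returns (name, finding) pairs:
      stale-mask       still on another mask; hosts of the new range that fall
                       outside its own network are sent to the default
                       gateway instead of being reached directly
      outside-range    address is not inside the new subnet at all
      reserved-address address is the network or broadcast address
    """
    findings = []
    for name, ip, mask in inventory:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        if iface.ip not in target:
            findings.append((name, "outside-range"))
        elif iface.ip in (target.network_address, target.broadcast_address):
            findings.append((name, "reserved-address"))
        elif iface.network != target:
            findings.append((name, "stale-mask"))
    return findings


# New subnet after changing 255.255.255.0 to 255.255.254.0 on 192.168.0.0.
TARGET = widen("192.168.0.0/24", 23)

# Constructed inventory of devices with static settings: (name, ip, mask).
INVENTORY = [
    ("sonicwall-lan", "192.168.0.1", "255.255.254.0"),
    ("dhcp-win2k3", "192.168.0.5", "255.255.254.0"),
    ("printer-2f", "192.168.0.40", "255.255.255.0"),     # forgotten old mask
    ("new-dept-pc", "192.168.1.20", "255.255.254.0"),
    ("fax-server", "192.168.2.9", "255.255.254.0"),      # not in 192.168.0.0/23
    ("label-printer", "192.168.1.255", "255.255.254.0"), # broadcast of the /23
]

if __name__ == "__main__":
    print("prefix needed for 300 hosts: /%d" % smallest_prefix(300))
    print("new subnet:", TARGET, "mask", TARGET.netmask,
          "usable", TARGET.num_addresses - 2)
    # Shortening the mask on an odd /24 pulls in the block BELOW it.
    print("192.168.1.0/24 widened to /23 becomes", widen("192.168.1.0/24", 23))
    for name, finding in audit(INVENTORY, TARGET):
        print(f"{name:14} {finding}")
    # The forgotten printer and the new PC disagree about being neighbours.
    print(on_link("192.168.0.40", "255.255.255.0", "192.168.1.20"),
          on_link("192.168.1.20", "255.255.254.0", "192.168.0.40"))
```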
aryoba
Premium,MVM
join:2002-08-22

Re: running out of IP addresses

kracksmith,

FYI, you need to watch the possible broadcast storm when you have a large network in one subnet.

Usually in one department (Finance, Technical Support, or else); a 254 IP address block in more than enough. Using anything larger than that might cause problematic broadcast storm.

You said yourself that there are 167 users. Is it 167 users in one department or in whole company?
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

yea, the broadcast storm is my concern also. presently when only a few users are on the network but our switches are flashing like it's so busy. imagine when everyone is on the network.

So basically how switches communicate is when 1 workstation requests something it asks everyone until it finds a reply from the correct destination.

then when the server replies it tells everyone until it finds the right destination.

So if everyone on the network is requesting then this equals a broadcast storm right?

167 users have 3 to 4 departments. This company grew pretty quick so initially it was just 1 or 2 switches then to add more users quickly, more switches were put in place. Now that we are opening another department there will be more than 254 users including fax, printers, and etc...

so i'm thinking my best bet is to use routers in between switches for each department.

this will cut down the broadcast storming. but what kind of router should I use? something not expensive? will a 2514 work for this situation? or even a 2600?
csalazarv
Premium
join:2004-01-21
Costa Rica
these IP addresses I hope are not public (routable) IP's, they are private right?

you can use a different subnet mask and simply "get" more IPs if they are private (non routable IPs such as 192.168.etc )

Angralitux

join:2004-05-20
DO


why would you want to use a 2514 in your network??? why don't you look at more current equipment, and not one that would hold your network back such as the 2514?

the sonicwall 4060 pro is WAY more capable than your 1600 or a 2514, and even supports VLAN, so if you want, you may get some other switch that supports .1q frame tagging, cisco 2950 for example, but if you want to go cheap, you could go to ebay and get some dell or other switch that supports VLAN's.

I would suggest to better get some help outside if you are a bit clueless about a new network design; I mean, in the forums, but also in-site.

Angralitux

join:2004-05-20
DO

certainly you can create more broadcast domains with routers, but I think if you do VLAN's on a VLAN capable switch is way better.

you already have a good router, you only have to get a dot1q switch and you're done. or if you want to go cisco, here you can find help to do what you need to configure your equipment.
--
All Is possible...
lockedout

join:2004-06-02

If I was faced with your problem I would do the following.

As Angralitux mentioned I would purchase a switch that will do vlan trunking. Configure it for such then connect your current switches to the appropriate port depending on what vlan you want each switch in.

Other option and I'm not sure if this is possible on the Sonicwall. I would investigate configuring one of the other interfaces on the sonicwall to be the interface for your new network. Once configured connect this interface to the switches you want on that network. I would recommend reading the manual and contacting tech support or posting in the Sonicwall forum on Sonicwall's website to see if this will work.

I would forget the idea of buying a 2500 router if you need a router buy a 2600 or 3600.

I would also re-cable the switches I would personally not have them daisy chained one off the other. I would have them each have a separate uplink to the switch that connects to the Sonicwall.

Remember if the network goes down no one is working. If it costs money to get it done correctly that's just part of business.

Good Luck.
kracksmith

join:2004-07-14
Fullerton, CA

ok thanks. i got some serious advantages/disadvantages answered.

So the best way round my situation now is to upgrade our switches to VLAN if it doesn't have VLAN already. We use D-link DSS-24. VLAN will decrease our broadcast storm plus our topology will be logical instead of physical.

Also since we're running out of IP addresses we are going use the 224 subnet mask.

We are not going to hire an expensive network designer when there are so many talented people here on the forum.

We are not that big but big enough to go over 224 IP addresses though. So VLAN & subnet mask of 224 is what we will go with as soon as management ok it.
aryoba
Premium,MVM
join:2002-08-22

Re: running out of IP addresses

kracksmith,

You could use a router and a switch that both support VLAN and trunking. Set one VLAN for each department. Let the router handle the inter-VLAN routing and default gateway. Following is the illustration:

                      Internet (ISP)
                            |
                            |
                          Router
                            |
                            | trunking
                            |
                          Switch
                        |  |  |  |
      +-----------------+  |  |  +-----------------+
      |             +------+  +------+             |
      |             |                |             |
   VLAN 10       VLAN 20          VLAN 30       VLAN 40
 Accounting     Managers            IT      Administration
      |             |                |             |
    Dumb          Dumb             Dumb          Dumb
  Switch #1     Switch #2        Switch #3     Switch #4
   |  |  |       |  |  |          |  |  |       |  |  |
   PC PC PC      PC PC PC         PC PC PC      PC PC PC

Please note that the above setup is called "Router-On-A-Stick" Design.

As to which router to use, you can use something like 1721 router. The Fast Ethernet port connects to the switch, handling the trunking, inter-VLAN routing, and default gateway to the Internet.

For a switch, you could use something like Catalyst 2950. You can use any port to connect to the router, handling the trunking.

Please note that the Cat 2950 with 12 ports should be good enough for the company need. Each department does not necessary need its own Cat 2950 to reduce the cost. You can place a dumb switch at each department which then connect to the PCs, printers, servers, etc; as shown in illustration.

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online

Re: running out of IP addresses

said by aryoba:

As to which router to use, you can use something like 1721 router. The Fast Ethernet port connects to the switch, handling the trunking, inter-VLAN routing, and default gateway to the Internet.

For a switch, you could use something like Catalyst 2950. You can use any port to connect to the router, handling the trunking.

Two things - I really doubt that a 17xx is going to approach anything near wire-speed (in this case 100Mb/s). If there's not much inter-vlan traffic, no problem. If those people have to cross a vlan to get to a file server, they might be unhappy if they are all shoved through that router.

Second, a nice cheap vlan-capable router is an old HP2424M. They pop up on Ebay now and then for under $300.
kracksmith

join:2004-07-14
Fullerton, CA

Hi, I got everyone's feedback and it has been such a great help.

I have another question. If i'm separating my 1 giant LAN to 4 logical LAN, where do I put the file server?

If I put it in its own VLAN then all other VLAN needs to cross over the router to see it which will cause a little delay. is there something I can do to not cross the router?

also in Aryoba little illustration "the router on a stick" i see 4 VLANs connected to a core switch. Is this switch necessary because the router only has 1 port?

would this be ideal?

have 4 nic cards in the server and have the server attach its nics to all 4 VLANs?
aryoba
Premium,MVM
join:2002-08-22

Re: running out of IP addresses

Q1:
"If i'm separating my 1 giant LAN to 4 logical LAN, where do I put the file server?"

A:
It depends on who accesses the server the most (among other things). Let's say that it is the Accounting department (VLAN 10) that accesses the server the most. Then you should put the server in the VLAN 10.

If all departments access the server in about the same frequency, then you might want to set a specific VLAN only for servers (i.e. VLAN 50 for servers only).

Q2:
"If I put it in its own VLAN then all other VLAN needs to cross over the router to see it which will cause a little delay. is there something I can do to not cross the router?"

Comment:
In general, routing is "slower" than switching. However in your case, inter-VLAN routing time process should not affect the network performance in such a big deal.

Q3:
"also in Aryoba little illustration 'the router on a stick' i see 4 VLANs connected to a core switch. Is this switch necessary because the router only has 1 port?"

A:
The switch is necessary to provide multiple broadcast domains (by using VLAN). The router acts as the trunk and inter-VLAN routing.

Q4:
"have 4 nic cards in the server and have the server attach its nics to all 4 VLANs. would this be ideal?"

Comment:
It depends how you define "ideal". By using such setup, the server would have to deal with 4 different IP addresses; which should not be the server's job. If I were you, I would let the server just do file serving as it is its main concern; and let other devices handling the multiple IP addresses.

TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia

Re: running out of IP addresses

How did you go kracksmith?

Cheers
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

Hi all. sorry i haven't posted any result because there are none yet.

This project is still up in the air. We haven't quite run out of IPs with maybe under 10 left.

I won't know what we are going to do until sometime early next year.

I just know we are approved for a new gateway 2600 router (trunking) and smart switches throughout for the VLANs

so basically we will be able to do a /23 having 512 nodes

we will use only one of the sonic firewall port for a separate network (accounting) while sharing our T1 line.

any last request anyone has for me before year end?


TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia


Hope it all goes well

If you get the chance take some pics for us and/or provide some updates as you're going along
lockedout

join:2004-06-02

Sorry if I'm beating a dead horse. (sort of feel like I am)
But I'm confused why you want to change the mask? I think it's creating more work for yourself now and just something you will want to eventually undo later.

From reading your posts you mention having 167 users. I only come up with 144 switch ports (6 switches x 24 ports each) with your current equipment. Are there hubs at the desks? You could add 4 more switches (96 ports) before running out of ip's.

How soon do you expect the company to grow and use the remaining ip's?

Are all of the users on the same floor? In the same building?

In my opinion your best option is to investigate adding a new ip range because you will need it eventually.

Did you configure the Sonicwall originally?
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

Lockedout,

I'm following yours & others advice to switch to a VLAN.

I need to change the mask because we're running out of IP addresses.

I know we have a couple of ways around this.

1. I can create another network and have a router talk to each network.

2. or I can change the subnet mask to 224 and have 512 nodes in 1 network, minus the 1st and last IP addresses of course. and if I decided to go this route then I would get VLAN switches to avoid the broadcast storm.

3. same as option 2 but put in a router in front of the new department switch.

otherwise if I stick to #1 option I would have the existing broadcast storm. but of course if the router is in place the existing broadcast storm we have now won't get to the new network.

yes we have 167 users with only 144 switch ports. I forgot we have other small switches, 10port here and there which i'm going to get rid of. If i add more switch ports as you mention then the broadcast storm will be greater. now what happens if I need to add more users than 254? add more switches? i need to prepare ahead and there is no better time than now because another entire department will open up soon, which will make it over 254 ip addresses.

From everyone's input these are my 3 options unless you have something different which I can inhale, I'm all ears as you folks are the experts here.

i believe we will run out of IP addresses within 5 months, or sooner.

We have 2 floors here plus 1 department across the street (that is why we have a fiber switch). now we are going to open another new department across another street.
lockedout

join:2004-06-02

Re: running out of IP addresses

Thanks for all that info. It helps me understand your situation better. Have a few more questions for you.

Did you configure the Sonicwall?

Where do you plan on putting the new group?
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

Sonic has been configured only using NAT (translating public and pvt), ip mapping (mapping public to internal static), and some logging.

I haven't really gone through the entire manual. but i'm looking at what it has to offer. Then we'll choose the services and configure it.

we plan to put this new department across the street.
lockedout

join:2004-06-02


In my opinion I would leave the subnet mask as it is.
You should be able to get the new setup in place before you run out of ip's.

Can you look through the Sonicwall manual to find out if you can configure multiple internal ports on the Sonicwall. You also might want to post the question over on the forum on Sonicwalls site. So you would be using the LAN interface for your existing network and connect it to a couple of your current switches (as you are now). Configure a new internal interface on a different port on the SonicWall using a different ip range and connect it to some of your remaining switches. This giving you two and potentially more new ranges depending on the number of usable interfaces on the SonicWall.

Otherwise you will need to buy an additional switch that will handle vlans as Angralitux mentioned.

I would put the first floor on one ip range, the second floor on a different and possibly the building across the street on another.

Let me know if you find out if multiple interfaces on the Sonicwall is actually an option.
kracksmith

join:2004-07-14
Fullerton, CA

Re: running out of IP addresses

Lockedout:

ok I'm starting to agree with you in leaving the subnet mask alone unless our infrastructure is configured better physically. OK I need to open the sonic manual to find out if those internal ports are configurable for VLAN or even just simple routing for multiple networks, i believe we have 4 ports which 1 is already taken from our existing LAN. I think this is one of my best option if the Sonic ports are routable or have VLAN. Angralitux? never heard of them. reputable comparing to Cisco?

Aryoba, a router on a stick huh, hmm i think i heard of that somewhere else once. If those ports I have on the Sonic are VLANable then that diagram is what I plan to present to my bosses. Otherwise we may need to purchase some VLAN switches. But what you are saying is to purchase a Cisco Catalyst 2950 switch. So it'll go like Internet -> router -> 2950 vlan -> into 4 dumb switches for each department.

Sporkme - I have a basic question I don't really know. When VLAN communicates to VLAN does it need to go through a router? The VLAN switch can't route their own internal ports to each other?

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online

Re: running out of IP addresses

said by kracksmith:

Sporkme - I have a basic question I don't really know. When VLAN communicates to VLAN does it need to go through a router? The VLAN switch can't route their own internal ports to each other?

A switch generally is not going to move traffic between VLANs. There are exceptions, but they would likely be outside your budget (and unnecessary if your SonicWall can route between ports).

VLANs are basically like taking a switch and partitioning it into a bunch of little independent switches. You need to have some layer 3 device to actually route traffic from one vlan to another. If the device is not capable of 100Mb (and you won't find anything too cheap that is) you'll find that your traffic between vlans may be a bit slow. I would imagine in an office most traffic will be to a server, and in that case you could kind of "cheat" and give the server an interface in each VLAN (and give an IP address from each subnet in each VLAN) - this can be done on one NIC if the server has an ethernet card capable of vlans. That would leave the router only having to route internet traffic and any traffic from client to client that crosses a VLAN.

If your SonicWall can route between interfaces though, you're basically all set, there's no more equipment to buy. Just put each "department" on its own interface on the SonicWall...

Angralitux

join:2004-05-20
DO

Your SonicWall PRO4060, it's a very capable device. Even better than a cisco 2600 for what you want to do, provided that all the specs are true.

»www.sonicwall.com/products/pro4060.html

although I don't like to have a "do it all" device, for you seems like the most logical path to follow. but then, you are on your own, because this is a Cisco, not sonicwall forum.

Personally, I would do it the way aryoba suggested, and I would get a catalyst switch and a 2600 series router, and let the sonicwall do the firewall and web filtering, and even VPN.
--
All Is possible...

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online

Re: running out of IP addresses

said by Angralitux:

Personally, I would do it the way aryoba suggested, and I would get a catalyst switch and a 2600 series router, and let the sonicwall do the firewall and web filtering, and even VPN.

Why? That SonicWall has much more cpu juice than a 2600. You're suggesting he go with something that will not be able to forward anywhere near wire speed. He's not doing anything complex enough that another piece of Cisco gear is "needed"...

Angralitux

join:2004-05-20
DO

because he could find a better use for that router (I.E. content filtering, VPN access, firewall, etc). On the other hand, I don't know how it will handle Trunking, and even if it is going to work with a cisco switch.

anyway, with the sonicwall having 6 Fast ethernet ports, I think he could part his network pretty well, without the use of VLANs. What he only has to do is to connect a different switch in each of the ports, use a different network on each router port, and enable the appropriate routing btw the networks.
--
All Is possible...

chris
focus
Premium
join:2000-08-13
Middletown, CT
·NETPLEX

Or....

The quick and dirty way:

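interface ethernet 0
 ! host addresses (.1 used here as an example); IOS rejects the .0
 ! network address on an interface
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary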

There are issues with it (OSPF not supported and potential problems with routing updates not sent to the secondary subnet) but in the right desperate circumstances it works.