kracksmith
join:2004-07-14
Fullerton, CA
| reply to aryoba
Re: running out of IP addresses
yea, the broadcast storm is my concern also. presently when only a few users are on the network but our switches are flashing like it's so busy. imagine when everyone is on the network.
So basically how switches communicate is when 1 workstation request something it ask everyone until it finds a reply from the correct destination.
then when the server replies it tells everyone until it finds the right destination.
So if everyone on the network is requesting then this equals a broadcast storm right?
167 users have 3 to 4 departments. This company grew pretty quick so initially it was just 1 or 2 switch then to add more users quickly, more switches was put in place. Now that we are opening another department there will be more than 254 users including fax, printers, and etc...
so i'm thinking my best bet is to use routers in between switchs for each department.
this will cut down the broadcast storming. but what kind of router should I use? something not expensive? will a 2514 work for this situation? or even a 2600? |
|
Angralitux
join:2004-05-20
DO
| reply to kracksmith
certanly you can create more broadcast domains with routers, but I think if you do VLAN's on a VLAN capable switch is way better.
you already have a good router, you only have to get a dot1q switch and you're done. or if you want to go cisco, here you can find help to do what you need to configure your equipment.
--
All Is possible... |
|
lockedout
join:2004-06-02
| reply to kracksmith
If I was faced with your problem I would do the following.
As Angralitux mentioned I would purchase a switch that will do vlan truning. Configure it for such then connect your current switches to the approriate port depending on what vlan you want each switch in.
Other option and Im not sure if this is possible on the Sonicwall. I would investigate configuring one of the other interfaces on the sonicwall to be the interface for your new network. Once configured connect this inteface to the switches you want on that network. I would recomending reading the manual and contacting tech support or posting in the Sonicwall forum on Sonicwalls website to see if this will work.
I would forget the idea of buying a 2500 router if you need a router buy a 2600 or 3600.
I would also re-cable the switches I would personally not have them daisy chained one off the other. I would have them each have a separate uplink to the switch that connects to the Sonicwall.
Remember if the network goes down no one is working. If it costs money to get it done correctly that's just part of business.
Good Luck. |
|
kracksmith
join:2004-07-14
Fullerton, CA
| reply to kracksmith
ok thanks. i got some serious advantages/disadvantages answered.
So the best way round my situation now is to upgrade our switches to VLAN if it doesn't have VLAN already. We use D-link DSS-24. VLAN will decrease our broadcast storm plus our topology will be logical instead of physical.
Also since we're running out of IP addresses we are going use the 224 subnet mask.
We are not going to hire an expensive network designer when there are so many talented people here on the forum.
We are not that big but big enough to go over 224 IP addresses though. So VLAN & subnet mask of 224 is what we will go with as soon as management ok it. |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
1 edit | reply to kracksmith
Hope it all goes well 
If you get the chance take some pics for us and/or provide some updates as youre going along  |
|
lockedout
join:2004-06-02
| reply to kracksmith
Sorry if Im beating a dead horse. (sort of feel like I am)
But Im confused why you want to change the mask? I think its creating more work for yourself now and just something you will want to eventually undo later.
From reading your posts you mention having 167 users. I only come up with 144 switch ports (6 switches x 24ports each)with your current equipment. Are there hubs at the desks? You could add 4 more switches (96 ports) before running out of ip's.
How soon do you expect the company to grow and use the remaining ip's?
Are all of the users on the same floor? In the same building?
In my opinion your best option is to investigate adding a new ip range because you will need it eventually.
Did you configure the Sonicwall originally? |
|
kracksmith
join:2004-07-14
Fullerton, CA
| Lockedout,
I'm following yours & others advice to switch to a VLAN.
I need to change the mask because we're running out of IP addresses.
I know we have a couple of ways around this.
1. I can create another network and have a router talk to each network.
2. or I can change the subnet mask to 224 and have 512 nodes in 1 network, minus the 1st and last IP addresses of course. and if I decided to go this route then I would get VLAN switches to avoid the broadcast storm.
3. same as option 2 but put in a router in front of the new department switch.
otherwise if I stick to #1 option I would have the existing broadcast storm. but of course if the router is in place the exisiting broadcast storm we have now won't get to the new network.
yes we have 167 users with only 144 switch ports. I forgot we have other small switches, 10port here and there which i'm going to get rid of. If i add more switch ports as you mention then the broadcast storm will be greater. now what happens if I need to add more users than 254? add more switches? i need to prepare ahead and there is no better time than now because another entire department will open up soon, which will make it over 254 ip addresses.
From everyone's input these are my 3 options unless you have something different which I can inhale, I'm all ears as you folks are the experts here.
i believe we will run out of IP addreses within 5 months, or sooner.
We have 2 floors here plus 1 depart arcoss the street (that is why we have a fiber switch). now we are going to open another new department across another street. |
|
lockedout
join:2004-06-02 | Thanks for all that info. It helps me understand your situation better. Have a few more questions for you.
Did you configure the Sonicwall?
Where do you plan on putting the new group? |
|
kracksmith
join:2004-07-14
Fullerton, CA
| Sonic has been configured only using NAT (translating public and pvt), ip mapping (mapping public to internat static), and some logging.
I haven't really went through the entire manual. but i'm looking at what it has to offer. Then we'll choose the services and configure it.
we plan to put this new department across the street. |
|
lockedout
join:2004-06-02
1 edit | reply to kracksmith
In my opinion I would leave the subnet mask as it is.
You should be able to get the new setup in place before you run out of ip's.
Can you look through the Sonicwall manual to find out if you can configure multiple internal ports on the Sonicwall. You also might want to post the question over on the forum on Sonicwalls site. So you would be using the LAN interface for your existing network and connect it to a couple of your current switches (as you are now). Configure a new internal interface on a different port on the SonicWall using a different ip range and connect it to some of your remaining switches. This giving you two and potentially more new ranges depending on the number of usable interfaces on the SonicWall.
Otherwise you will need to buy an additional switch that will handle vlans as Angralitux mentioned.
I would put the first floor on one ip range, the second floor on a different and possibly the building across the street on another.
Let me know if you find out if multiple interfaces on the Sonicwall is actually an option. |
|
aryoba
Premium,MVM
join:2002-08-22
| reply to kracksmith
kracksmith,
You could use a router and a switch that both support VLAN and trunking. Set one VLAN for each department. Let the router handle the inter-VLAN routing and default gateway. Following is the illustration:
Internet (ISP)
|
|
Router
|
| trunking
|
Switch
| | | |
+-------------+ | | +--------------+
| +----+ +----+ |
| | | |
VLAN 10 VLAN 20 VLAN 30 VLAN 40
Accounting Managers IT Administration
| | | |
Dumb Dumb Dumb Dumb
Switch #1 Switch #2 Switch #3 Switch #4
| | | | | | | | | | | |
PC PC PC PC PC PC PC PC PC PC PC PC
Please note that the above setup is called "Router-On-A-Stick" Design.
As to which router to use, you can use something like 1721 router. The Fast Ethernet port connects to the switch, handling the trunking, inter-VLAN routing, and default gateway to the Internet.
For a switch, you could use something like Catalyst 2950. You can use any port to connect to the router, handling the trunking.
Please note that the Cat 2950 with 12 ports should be good enough for the company need. Each department does not necessary need its own Cat 2950 to reduce the cost. You can place a dumb switch at each department which then connect to the PCs, printers, servers, etc; as shown in illustration. |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
 ·Optimum Online
| said by aryoba  :As to which router to use, you can use something like 1721 router. The Fast Ethernet port connects to the switch, handling the trunking, inter-VLAN routing, and default gateway to the Internet. For a switch, you could use something like Catalyst 2950. You can use any port to connect to the router, handling the trunking. Two things - I really doubt that a 17xx is going to approach anything near wire-speed (in this case 100Mb/s). If there's not much inter-vlan traffic, no problem. If those people have to cross a vlan to get to a file server, they might be unhappy if they are all shoved through that router.
Second, a nice cheap vlan-capable router is an old HP2424M. They pop up on Ebay now and then for under $300. |
|
kracksmith
join:2004-07-14
Fullerton, CA
| reply to lockedout
Lockedout:
ok I'm starting to agree with you in leaving the subnet mask alone unless our infrustructure is configured better physically. OK I need to open the sonic manual to find out if those internal ports areconfigurable for VLAN or even just simple routing for multiple networks, i believe we have 4 ports which 1 is already taken from our existing LAN. I think this is one of my best option if the Sonic ports are routable or have VLAN. Angralitux? never heard of them. reputable comparing to Cisco?
Aryoba, a router on a stick huh, hmm i thnk i heard of that somewhere else once. If those ports I have on the Sonic are VLANable then that diagram is what I'm plan to present to my bosses. Otherwise we may need to purchase some VLAN switches. But what you are saying is to purchase a Cisco Catalyze 2950 switch. So it'll go like Internet -> router -> 2950 vlan -> into 4 dumb switches for each department.
Sporkme - I have a basic question I don't really know. When VLAN communicates to VLAN does it need to go through a router? The VLAN switch can't route their own internal ports to each other? |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online
| said by kracksmith :Sporkme - I have a basic question I don't really know. When VLAN communicates to VLAN does it need to go through a router? The VLAN switch can't route their own internal ports to each other? A switch generally is not going to move traffic between VLANs. There are exceptions, but they would likely be outside your budget (and unnecessary if your SonicWall can route between ports).
VLANs are basically like taking a switch and partitioning it into a bunch of little independent switches. You need to have some layer 3 device to actually route traffic from one vlan to another. If the device is not capable of 100Mb (and you won't find anything too cheap that is) you'll find that your traffic between vlans may be a bit slow. I would imagine in an office most traffic will be to a server, and in that case you could kind of "cheat" and give the server an interface in each VLAN (and give an IP address from each subnet in each VLAN) - this can be done on one NIC if the server has an ethernet card capable of vlans. That would leave the router only having to route internet traffic and any traffic from client to client that crosses a VLAN.
If your SonicWall can route between interfaces though, you're basically all set, there's no more equipment to buy. Just put each "department" on it's own interface on the SonicWall... |
|
Angralitux
join:2004-05-20
DO
| reply to kracksmith
Your SonicWall PRO4060, it's a very capable device. Even better than a cisco 2600 for what you want to do, provided that all the specs are true.
»www.sonicwall.com/products/pro4060.html
although I don't like to have a "do it all" device, for you seems like the most logical path to follow. but then, you are on your on, because this is a Cisco, not sonicwall forum.
Personally, I would do it the way aryoba suggested, and I would get a catalyst switch and a 2600 series router, and let the sonicwall do the firewall and web filtering, and even VPN.
--
All Is possible... |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online
| said by Angralitux :Personally, I would do it the way aryoba suggested, and I would get a catalyst switch and a 2600 series router, and let the sonicwall do the firewall and web filtering, and even VPN. Why? That SonicWall has much more cpu juice than a 2600. You're suggesting he go with something that will not be able to forward anywhere near wire speed. He's not doing anything complex enough that another piece of Cisco gear is "needed"... |
|
Angralitux
join:2004-05-20
DO
| reply to kracksmith
because he could find a better use for that router (I.E. content filtering, VPN access, firewall, etc). In the other hand, I don't know how it will handle Trunking, and even if it will going to work with a cisco switch.
anyway, with the sonicwall having 6 Fast ethernet ports, I think he could part his network pretty well, without the use of VLANs. What he only have to do is to connect a different switch in each of the ports, use a different network on each router port, and enable the appropiate routing btw the networks.
--
All Is possible... |
|
kracksmith
join:2004-07-14
Fullerton, CA
| reply to aryoba
Hi, I got everyone's feeback and it has been such a great help.
I have another question. If i'm separating my 1 giant LAN to 4 logical LAN, where do I put the file server?
If I put it in it's on VLAN then all other VLAN needs to cross over the router to see it which will cause a little delay. is there something I can do to not cross the router?
also in Aryoba little illustration "the router on a stick" i see 4 VLANs connected to a core switch. Is this switch necessary because the router only has 1 port?
would this be ideal?
have 4 nic cards in the server and have the server attach it's nics to all 4 VLANs? |
|
aryoba
Premium,MVM
join:2002-08-22
| Q1:
"If i'm separating my 1 giant LAN to 4 logical LAN, where do I put the file server?"
A:
It depends on who access the server the most (among other things). Let's say that it is the Accounting department (VLAN 10) that access the server the most. Then you should put the server in the VLAN 10.
If all departments access the server in about the same frequency, then you might want to set a specific VLAN only for servers (i.e. VLAN 50 for servers only).
Q2:
"If I put it in it's on VLAN then all other VLAN needs to cross over the router to see it which will cause a little delay. is there something I can do to not cross the router?"
Comment:
In general, routing is "slower" than switching. However in your case, inter-VLAN routing time process should not affect the network performance in such a big deal.
Q3:
"also in Aryoba little illustration 'the router on a stick' i see 4 VLANs connected to a core switch. Is this switch necessary because the router only has 1 port?"
A:
The switch is necessary to provide multiple broadcast domains (by using VLAN). The router acts as the trunk and inter-VLAN routing.
Q4:
"have 4 nic cards in the server and have the server attach it's nics to all 4 VLANs. would this be ideal?"
Comment:
It depends how you define "ideal". By using such setup, the server would have to deal with 4 different IP addresses; which should not be the server's job. If I were you, I would let the server just do file serving as it is its main concern; and let other devices handling the multiple IP addresses. |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia | How did you go kracksmith?
Cheers |
|
