New Network Setup



ultragrain
Member with 7 posts.
THREAD STARTER
 
Join Date: Jun 2011
Experience: Advanced
15-Jun-2011, 10:59 AM #1
New Network Setup
Hi,

I am in the planning stages of setting up a new network, and I have drawn a diagram of the new setup. What do you think? Do you propose any changes anywhere, or see any pitfalls?

Thanks
Sam
Attached Thumbnails
New Network Setup-drawing1.jpg  
mucker2010
Senior Member with 505 posts.
 
Join Date: May 2011
Experience: Advanced
15-Jun-2011, 11:20 AM #2
I guess you have at least 3 NICs in the firewall/router and it allows you to configure 3 networks?
BTW, your modem will not have a private IP; it will have a public IP and this will be assigned to the WAN interface of the firewall...unless it is a modem/router, but your diagram doesn't say this?

I also presume that your SBS server is going to be plugged into its own switch/hub with the clients?
Actually....your SBS won't have internet access...at least with that diagram, because it won't be able to talk directly to the firewall with them being on different subnets. You will need to apply some sort of NAT at the virtual server to allow the SBS to NAT through its interface (whether you can do that I don't know, as I don't know what server OS would be on there).
ultragrain
Member with 7 posts.
THREAD STARTER
 
Join Date: Jun 2011
Experience: Advanced
15-Jun-2011, 11:34 AM #3
Hi,

The router has 8 ports on there, if that's what you mean (3 networks? The firewall allows the creation of sub LANs). The SBS is a virtual server; I have updated the diagram now to show more information.

Thanks
Sam
Attached Thumbnails
New Network Setup-drawing1.jpg  
mucker2010
Senior Member with 505 posts.
 
Join Date: May 2011
Experience: Advanced
15-Jun-2011, 11:42 AM #4
Ports are different to networks. So you can create VLANs then, when you say sub LANs?
Basically you are going to have to assign one port on 192.168.1.x network, another on 192.168.1.x network and one on your public internet access (provided by ISP). If you can do that and assign it 3 IPs as different networks/VLANs then you can do it. You will still need some way of getting the SBS access to the internet via the VMware server. I don't use this, I use Hyper-V, so I don't know whether it has NAT capabilities; I guess it does as I know it is a good product.
ultragrain
Member with 7 posts.
THREAD STARTER
 
Join Date: Jun 2011
Experience: Advanced
15-Jun-2011, 12:12 PM #5
Hello,

It's a Billion firewall/router, and I swear they have tried to use terminology that is as far away from industry standard as possible. From what I can tell they call VLANs "LAN Address Mapping". It allows me to specify a gateway, subnet mask etc. and if I enter some details it puts it into the routing table (see attached).

VMWare does have NAT capabilities.

The thing is the Billion does allow VLAN bridge but not sure how to configure that.

-Sam
Attached Thumbnails
New Network Setup-routing.png   New Network Setup-vlan_bridge.png   New Network Setup-lan2.png  
mucker2010
Senior Member with 505 posts.
 
Join Date: May 2011
Experience: Advanced
15-Jun-2011, 01:12 PM #6
I think Billion routers aren't that good to be honest, but it looks like you can create VLANs.
Your second pic shows the VLANs. At a guess I would say the default VLAN ID it has created on port 8 is for your WAN connection.
But...I made a mistake, you don't even need VLANs on your setup. I thought your WAP was on a different subnet for some reason, but as it isn't (you only have two subnets) you only need two networks, which any bog standard router can do, sorry!! Stupid eyesight!!
The router should work without any additional config.

You now have two ways to connect your SBS:
The NAT way that I originally suggested, or
An additional VLAN for this subnet 192.168.0.x and assign one port to that VLAN. Plug SBS into this.

I presume the VM server will have dedicated NICs for each VM? So you can use that NIC assigned to SBS and plug into VLAN ID 192.168.0.x?
zx10guy
Trusted Advisor with 4,079 posts.
 
Join Date: Mar 2008
15-Jun-2011, 02:14 PM #7
Ok. So I'm totally confused with your setup. First question I have is if your router can support more than one internal router interface or have a single router interface support multiple IP addresses. I know Netgear routers can do this and it's called multi-homing by Netgear. Cisco routers support this by either VLAN interfaces, individual physical interfaces, or secondary IPs assigned to existing interfaces.

Based on what I see in your diagram, you need to have two internal router interfaces for a total of three to include the WAN interface. Or you have to be able to assign a secondary/multi-homed IP address to the single existing internal router interface.

I see a wireless AP on your network. Is this AP a pure AP or a router running as an AP with DHCP capability? Who are the wireless clients that are connecting to it and what subnet are they going to be running on?

You don't need to do any NAT'ing if you plan this correctly. So far I see two subnets 192.168.0.x and 192.168.1.x. How many physical interfaces are you running on your ESXi server?

As a talking point, I have two ESXi servers running on my home network. One currently supports 2 VMs with 4 configured. The other has another 2 with more to be brought on line with 4 configured. I have at least 7 subnets running on my LAN and the VMs are sitting on 3 different subnets. I have a single interface from the ESXi server providing "production" facing connections running as a VLAN trunk into one of my switches. There are 3 Vswitches on each ESXi server.
mucker2010
Senior Member with 505 posts.
 
Join Date: May 2011
Experience: Advanced
15-Jun-2011, 02:34 PM #8
Zx, please don't take this as me kicking off, but I find it annoying when you dismiss other people's suggestions sometimes before even knowing the full setup; it is disrespectful. I have given him two options, one of them that you are just repeating with more info but dismissing the NAT one.

What we don't know is:
a) on the VM server is each VM machine going to have its own dedicated NIC?
b) at least from your own question you're asking whether the router can support multiple IP addresses?

Let's say you can't do b, so we assign it 192.168.1.4 and all VMs will share one NIC. Tell me now how will you get the SBS working without NAT??

Last edited by mucker2010; 15-Jun-2011 at 02:40 PM..
zx10guy
Trusted Advisor with 4,079 posts.
 
Join Date: Mar 2008
15-Jun-2011, 02:55 PM #9
Quote:
Originally Posted by mucker2010
Zx, please don't take this as me kicking off, but I find it annoying when you dismiss other people's suggestions sometimes before even knowing the full setup. I have given him two options, one of them that you are just repeating with more info but dismissing the NAT one.

What we don't know is:
a) on the VM server is each VM machine going to have its own dedicated NIC?
b) at least from your own question you're asking whether the router can support multiple IP addresses?

Let's say you can't do b, so we assign it 192.168.1.4 and all VMs will share one NIC. Tell me now how will you get the SBS working without NAT??
You know. I can go on about similar examples of this from you. But I won't go there.

One. I don't care what has been said. ESXi does NOT have NAT capabilities. It's a host OS to provide an environment for VMs to be built on. The vSwitch on the OS is nothing more than a software layer 2 switch. Nothing more.

Even if there were a physical NIC assigned to each VM, that still won't solve the underlying network design issues. Not to mention throwing a dedicated NIC to each VM is totally counter to the goals of virtualization and scalability unless there is an extremely compelling reason to do so.

How do I know all this? Like I said, I have two ESXi servers running on my LAN I built from the ground up running VMs which are: domain controller, collaboration server (Email, Jabber Chat, and message board), two simulated NetApp filers, a What's Up Gold server, a SolarWinds Orion NMS server, and a Windows XP Pro 64 bit workstation streaming audio. I don't know anything about MS' HyperV so I didn't and won't comment on that.
ultragrain
Member with 7 posts.
THREAD STARTER
 
Join Date: Jun 2011
Experience: Advanced
16-Jun-2011, 12:26 AM #10
Hello,

The router/firewall does support multiple IP addresses.

All I have done here is disable DHCP on the wireless interface (it's a router) and change the router (wireless interface) to an IP that's on my internal network (192.168.1.x).

This is a router with DHCP, as the only DHCP server in the network will be the SBS 2011 server; there will be internal staff connecting to the network as well as mobile devices and visitors etc.

There is one physical nic on the ESXi.
Attached Thumbnails
New Network Setup-capture.jpg  
ultragrain
Member with 7 posts.
THREAD STARTER
 
Join Date: Jun 2011
Experience: Advanced
16-Jun-2011, 01:29 AM #11
Hi,

Ok, so the network setup has begun.

So just to clarify, it looks like the Billion is using the same sort of features as Netgear multihome. So I added a new subnet (192.168.0.1) and I have set the SBS server to 192.168.0.2 and its gateway to 192.168.0.1, and so far it's dishing out the requests via DHCP to connecting computers (192.168.0.x) and now they are able to connect to the net.

Now am I correct in thinking that since the wireless is on 192.168.1.x, that's going to cause file sharing problems and it would be best if it was on the same subnet 192.168.0.x?

-Sam
mucker2010
Senior Member with 505 posts.
 
Join Date: May 2011
Experience: Advanced
16-Jun-2011, 03:16 AM #12
Why don't you just test it? It might work because when you create the VLANs (from your pics) I noticed it said bridged mode etc. I'm going to have a guess and say that means it will route traffic between the two subnets. Is there any particular reason for wanting to put the WAP on a different subnet?
zx10guy
Trusted Advisor with 4,079 posts.
 
Join Date: Mar 2008
16-Jun-2011, 06:24 AM #13
Quote:
Originally Posted by ultragrain
Hi,

Ok, so the network setup has begun.

So just to clarify, it looks like the Billion is using the same sort of features as Netgear multihome. So I added a new subnet (192.168.0.1) and I have set the SBS server to 192.168.0.2 and its gateway to 192.168.0.1, and so far it's dishing out the requests via DHCP to connecting computers (192.168.0.x) and now they are able to connect to the net.

Now am I correct in thinking that since the wireless is on 192.168.1.x, that's going to cause file sharing problems and it would be best if it was on the same subnet 192.168.0.x?

-Sam
Actually, I think, you'll be fine. The reason is that based on what you've said recently, you're not running any VLANs or more specifically, your 192.168.0.0 subnet is not on one VLAN and 192.168.1.0 is on a different VLAN. Since both 192.168.0.0 and 192.168.1.0 are sharing the same layer 2 transport, the DHCP requests will still be seen by clients connecting to the wireless AP even though the AP has a management IP on the 192.168.1.0 subnet. From a security standpoint this isn't an ideal design, especially if you have guest users with access to the network.

Who is going to use the wireless services on your network?

Depending on the answer there are specific design criteria to consider. What type of wireless AP is this? As an example, I have two Netgear APs running on my home network: a WG102 and a WNDAP350. Each of these APs has the capability of running multiple SSIDs. An SSID can be created for guest access only and another for the company employees. Each of these SSIDs can run different encryption schemes and are separated at the AP via VLAN tagging when the traffic is placed onto the LAN. There is also the ability to set the management interface (IP) of the AP onto a different management VLAN, which is best practice for security.
mucker2010
Senior Member with 505 posts.
 
Join Date: May 2011
Experience: Advanced
16-Jun-2011, 08:23 AM #14
Quote:
Since both 192.168.0.0 and 192.168.1.0 are sharing the same layer 2 transport, the DHCP requests will still be seen by clients connecting to the wireless AP even though the AP has a management IP on the 192.168.1.0 subne
For my own understanding, Zx: I understand how the clients on the AP will get IPs through DHCP, but what I am not sure of is how APs handle or relay packets. Once the clients have IPs on the 192.168.0.x subnet, will they be able to communicate with the SBS through the AP even though it is on a different subnet (similar but not exact to the DHCP request process)? What I mean is, does this also operate at layer 2? As in, all APs basically act as a bridge and re-transmit packets received on one interface out the other? I originally thought that IP was somehow involved because you have to relay through the AP?
zx10guy
Trusted Advisor with 4,079 posts.
 
Join Date: Mar 2008
16-Jun-2011, 08:41 AM #15
Quote:
Originally Posted by mucker2010
For my own understanding, Zx: I understand how the clients on the AP will get IPs through DHCP, but what I am not sure of is how APs handle or relay packets. Once the clients have IPs on the 192.168.0.x subnet, will they be able to communicate with the SBS through the AP even though it is on a different subnet (similar but not exact to the DHCP request process)? What I mean is, does this also operate at layer 2? As in, all APs basically act as a bridge and re-transmit packets received on one interface out the other? I originally thought that IP was somehow involved because you have to relay through the AP?
This can be confusing and I had to pause for a second to think through how this all will work. You have to separate out the functions of what an AP is and what many people are used to, which is an AP integrated into a layer 3 device such as the plethora of wireless routers. Because the OP is doing "multi-homing" (Netgear speak) or multiple IPs on the same layer 2 network, the issue of the AP being on a different subnet is not an issue...provided the only DHCP server is the SBS server the OP is running. If the AP is a wireless router doing duty as an AP and functioning as a DHCP server too, well, there will be problems not only for wireless clients but for wired workstations too.

So let's walk this through. A wireless client comes in and connects to the AP. Because the AP is not a DHCP server, it doesn't assign a DHCP address to the client. But the DHCP broadcast request is dropped onto the LAN where the SBS server sees it and does its normal routine in assigning the address and replying. Once the wireless client gets its IP, it just functions on the network as normal. The management IP of the AP being on a different subnet has no bearing on how the client talks onto the network. Again, this is all assuming the AP isn't just a wireless router doing duty as an AP and is functioning as a DHCP server too.

Now, if the OP is running VLANs, then that's where problems will come into play. Let's say VLAN 1 is for 192.168.0.0 and VLAN 2 is for 192.168.1.0. The AP will obviously be on VLAN 2 because of its assigned IP. A wireless client comes on and is looking for an IP address from the DHCP server. Well, the only option is to assign an IP address from a DHCP server with a scope in the 192.168.1.0 subnet because the wireless client is coming in on VLAN 2. This is not what the OP wants as he wants the clients to be on 192.168.0.0. Even if a DHCP relay agent is used to get the DHCP request broadcast from VLAN 2 to the SBS server on VLAN 1, this won't work as the packet is going to have a wrapper which shows it came from the 192.168.1.0 subnet which the SBS server won't have a scope for. This is the reason why I mentioned the Netgear APs I have. They allow multiple SSIDs separated by VLAN tagging.

Moreover, a discussion needs to happen concerning the network design. If guests are going to be treated like a normal employee client, then the OP is going to open the entire network to security vulnerabilities. The common method of creating a secure environment for guest access is to VLAN them off to only have internet access and no access to the corporate LAN. Recent developments in wireless technology now make it possible to secure guest access but without the need to generate "VLAN sprawl." This is done via various technologies such as device fingerprinting, device profiling/patch checking, and user account authentication.

Hope this makes things a bit more clear.
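
The DHCP walk-through in post #15, as an added example that is not part of the thread: a minimal Python model of how a DHCP server picks a scope, using the RFC 2131 rule that a relayed request is matched on the relay's address (giaddr) and a directly heard broadcast on the server's own interface address. The class and function names, the MAC address and the relay/gateway address 192.168.1.1 are assumptions; 192.168.0.1, 192.168.0.2 and the two subnets come from the thread.

```python
import ipaddress


class DhcpServer:
    """Minimal model of DHCP scope selection (RFC 2131 giaddr rule)."""

    def __init__(self, interface_ip, scopes, reserved=()):
        self.interface_ip = ipaddress.ip_address(interface_ip)
        self.scopes = [ipaddress.ip_network(s) for s in scopes]
        self.leases = {}  # client MAC -> leased address
        self.in_use = {ipaddress.ip_address(a) for a in reserved}
        self.in_use.add(self.interface_ip)

    def select_scope(self, giaddr="0.0.0.0"):
        # A relayed DISCOVER carries the relay's address in giaddr and the
        # server leases from the scope containing it. A broadcast heard
        # directly (giaddr 0.0.0.0) is served from the scope containing the
        # server's own interface address.
        selector = ipaddress.ip_address(giaddr)
        if selector.is_unspecified:
            selector = self.interface_ip
        return next((n for n in self.scopes if selector in n), None)

    def discover(self, mac, giaddr="0.0.0.0"):
        """Return the offered address, or None when the server stays silent."""
        scope = self.select_scope(giaddr)
        if scope is None:
            return None  # no scope for the originating subnet
        if mac in self.leases and self.leases[mac] in scope:
            return self.leases[mac]
        for addr in scope.hosts():
            if addr not in self.in_use:
                self.in_use.add(addr)
                self.leases[mac] = addr
                return addr
        return None  # scope exhausted


# Constructed scenario data. 192.168.1.1 is an assumed router/relay address.
GATEWAYS = ["192.168.0.1", "192.168.1.1"]
CLIENT = "aa:aa:aa:00:00:01"  # constructed wireless client MAC


def flat_layer2():
    # The AP bridges the broadcast onto the shared LAN; the SBS hears it directly.
    sbs = DhcpServer("192.168.0.2", ["192.168.0.0/24"], reserved=GATEWAYS)
    return sbs.discover(CLIENT)


def vlans_with_relay(extra_scopes=()):
    # The client sits on the 192.168.1.0 VLAN; a relay forwards with giaddr set.
    sbs = DhcpServer("192.168.0.2", ["192.168.0.0/24", *extra_scopes],
                     reserved=GATEWAYS)
    return sbs.discover(CLIENT, giaddr="192.168.1.1")
```

`vlans_with_relay()` returns no offer, which is the failure post #15 describes; passing an extra `192.168.1.0/24` scope makes the server answer, but with a 192.168.1.x address rather than the 192.168.0.x the OP wants.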