Replacement Router Recommendations.

larry419

IS-IT--Management
Jan 26, 2011
17
US
I have a small business network that has a couple unique quirks that are giving me grief when it comes to upgrading and replacing our gateway/router.

I have only 1 50/5mb internet connection. Our network backbone consists of 9 gigabit 48 port switches for Vlan1.

Our primary lan1 has two dhcp servers running with a 75/25 split of the range 192.168.0.1 - 192.168.3.254 using the subnet mask of 255.255.252.0

I run 3 different vlans for various reasons. A second runs 192.168.200.1 /22 mask and a third 192.168.400.0 /22. Vlan2 and Vlan3 each have their own dhcp server. Vlan2 and vlan3 are physically separate once past the gateway router and have their own dedicated switches.

I have some equipment in use on Vlan1 that only supports Class C addressing with a true class C mask of 255.255.255.0

As a result I have our gateway set to a static address of 192.168.0.254. (reserved in all dhcp servers)

I know...... It ain't pretty but it works and has worked for over 4 years this way.

I inherited a Linksys WRV200 router that has been used as the gateway. It was replaced once a couple years ago due to random slowdowns. The one in use now is starting to show the same symptoms. Resetting it will get another couple days to a couple weeks without any problems. The wireless function of this router has been disabled and is not used. The main reason that this router was used was to have VPN access for administration purposes only, had vlan capability and it had a user selectable subnet mask.

The last being the most important. By using a subnet mask of 255.255.0.0 at the router, all three vlans have internet access and older Class C only equipment still functions.

Lot of details to ask a simple question....... I am looking for a more robust small business gigabit router that will support a class B subnet mask on a class C network.

Most of what I have found only offer a predefined drop down menu to select from. The wrv200 had no limitations on the subnet mask.

I liked the WRS4000 or even the RV016 or RV082 but they only support true class c subnetting. Surely the wrv200 wasn't a fluke. There has to be other SMB VPN routers out there that allowed for a user selectable subnet mask.

Any ideas ???

Thanks.
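
The mask arithmetic behind the setup described above, as an added example that is not part of the original post: it computes which addresses each node treats as on-link, showing why the /24-only devices still reach 192.168.0.254, why a 255.255.0.0 mask on the router covers every range, and why a router limited to 255.255.255.0 would not. The sample host addresses and function names are constructed for illustration, and the external address comes from a documentation range.

```python
import ipaddress

GATEWAY = "192.168.0.254"  # static gateway address given in the post


def on_link(ip, mask, dst):
    """True if a node configured as ip/mask treats dst as directly reachable (ARP, no router)."""
    return ipaddress.ip_address(dst) in ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def first_hop(ip, mask, dst, gateway=GATEWAY):
    """Address the sender resolves at layer 2: the destination itself or its gateway.
    Returns None when the gateway is not on-link either (no usable route)."""
    if on_link(ip, mask, dst):
        return dst
    return gateway if on_link(ip, mask, gateway) else None


def router_can_return(router_mask, host_ip, router_ip=GATEWAY):
    """Can the router deliver replies straight to host_ip from its LAN interface?"""
    return on_link(router_ip, router_mask, host_ip)


# Constructed sample hosts inside the ranges the post describes.
LEGACY = ("192.168.0.50", "255.255.255.0")    # class-C-only device, same /24 as the gateway
DESKTOP = ("192.168.2.10", "255.255.252.0")   # ordinary Vlan1 DHCP client with the /22 mask
VLAN2_HOST = "192.168.200.25"                 # address inside the second range
EXTERNAL = "203.0.113.10"                     # documentation-range stand-in for an internet host
HOSTS = (LEGACY[0], DESKTOP[0], VLAN2_HOST)


def summarize():
    return {
        # Legacy device sends internet traffic to the gateway, which sits in its own /24.
        "legacy_to_internet": first_hop(*LEGACY, EXTERNAL),
        # Legacy device sees the desktop as off-link, so that traffic hairpins via the router.
        "legacy_to_desktop": first_hop(*LEGACY, DESKTOP[0]),
        # The desktop's /22 covers the legacy device, so it ARPs for it directly.
        "desktop_to_legacy": first_hop(*DESKTOP, LEGACY[0]),
        # A 255.255.0.0 router interface treats every range as one on-link network.
        "router_16_reaches": [router_can_return("255.255.0.0", h) for h in HOSTS],
        # A router restricted to 255.255.255.0 only reaches hosts in 192.168.0.x.
        "router_24_reaches": [router_can_return("255.255.255.0", h) for h in HOSTS],
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name}: {value}")
```

Because the 255.255.0.0 interface treats all three ranges as a single on-link network, it draws no boundary between the business, guest and camera ranges; that separation rests on whatever VLAN configuration sits beside it.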
 
I don't like that story much.

The way I would do your network is to trunk all three VLANs up the uplink to the router, and on the router to configure subinterfaces, one for each VLAN/subnet.
(And put the legacy classful devices in the same /24 space as the router address for their subnet, as I think you are doing).

There are a couple of things I would do differently to you though:

1/ I always try to use /24 subnets to make sure the junior and non-technical IT staff will always understand their subnets. As soon as you start using /22s, a huge proportion of the IT department loses the ability to understand their network.
My design method is,
- use each VLAN on as few network devices as possible (ideally, SVI on the core, trunked to a single Access switch or wiring closet)
- trunk as few VLANs as possible to each switch/wiring closet (ideally, each VLAN is synonymous with a physical location)

2/ If I have weirdo legacy devices like lab equipment or medical instruments that use LAT or some other old protocol, have special Layer2 requirements, or for some other reason don't fit in with the normal subnets, I create a VLAN especially for them and keep them well away from the standard workstations. Some people like to treat printers like this, too.
 
Thanks for the reply. Maybe having the back story was a bad idea. Perhaps I should just have asked for a list of routers that support user selectable subnet masks not restricted to purely class c masks.

I am a department of 1. There is really no need to worry about other IT staff. I alone am responsible for a nearly 300 device network. All resources are shared on this network. The only reason vlans are used is to separate a guest wifi network from the business network and to separate a security camera system.

Even though it would be a lot of work for a 1 man department, I would love to move to a class b addressing scheme but cannot due to the requirements of some devices.

I am not looking to use a router in a traditional small business sense as I only need it to serve as a gateway between our network and the service provider. Thus the reason that I need a 255.255.0.0 subnet mask to allow all of my traffic through and do it all on a shoestring budget.

I also realize that most any old piece of Cisco hardware would work but I am trying to stick with something web based controlled so that I could at least walk somebody through a problem or help the next person that sits in my chair that would know nothing about Cisco networking.
 
get a small fortigate device and call it a day ..
i'd say probably a 100C will do for you, assuming you don't need more than 1Gbps (unidirectional). past version 5.0.7 on their devices the GUI is pretty darn good, and we have it deployed at over 200 remote sites without issues. management is fairly easy and the devices are inexpensive for what they do for you.

if you want web-based'ish go for an ASA and install ASDM (buggggy but cisco has been making it better slowly)


other option is meraki (?spelling) they are pretty decent web based stuff and configuration is fairly simple.

that said ---------
listen to vince, the setup you have is NOT ideal ;)


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Thanks imbadatthis I'll look into those.

The setup isn't as bad as it sounds. The only place vlans are implemented is at the router/gateway. The actual network lans themselves are physically isolated (own cables, own switches). They only come together at the gateway, which is why I needed such a large subnet mask. They all function fine as their own network albeit a /22 due to the number of devices.
 
i don't have an issue with your network or the mask ...
i guess i should have explained.. if they are truly two diff networks then treat them that way .. any of the three devices i suggested CAN support multiple interfaces / or sub-interfaces and routing.

that's all you need.

outside == internet
inside1 == vlan x
inside2 == vlan y
inside3 == vlan z

now you can come up with better names, with the fortinet device you create policies around the interfaces,
with the ASA you create access-lists and NAT to allow x to talk to internet, y to talk to internet, or z to talk to y (if you need it)


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 