went to learntosubnet, still have ?

Status
Not open for further replies.

RingReaver (IS-IT--Management, US), Dec 6, 2002
Unfortunately, I do not have the time to get up to speed on TCP/IP before I need to implement an addressing scheme. So if someone would be willing to proof my conclusions, it would be greatly appreciated.
I’m managing an educational network of just 100+ PCs. After visiting learntosubnet.com I know I have 1 physical network segment. I would like to install equipment that would allow me to subnet the educational part of the network from the administrative side to gain a little privacy for the admin side. There is no real security. I’ve got Win98 boxes and no server. I think I know enough that we need a server with all the computers we have, but don’t know enough to argue for it. <sigh> But that’s another issue.
Our internet connection comes in wirelessly, goes through our router and gets re-broadcast across campus to the labs and to the admin building. One admin office connects directly via a switch to the network. So it would seem that I could put a router behind the AP in Admin and a router behind the AP for the Labs and then subnet away. I don’t quite know what to do with the odd Admin office that is cabled. But I have two problems: 1) behind the AP for Admin is the Library that needs to be on the Lab subnet (can you run traffic from one subnet over another) and 2) I can’t seem to find out what type of equipment I need to “bridge”? these subnets to the original (incoming internet signal) router.
Someone please un-tangle me! <smile>
God hates me and the Devil doesn't want the competition.. -Phage Devlin
 

You should really go to your manager and demand a network training course.

I'm not sure what you mean in question one but the answer is: yes you can.

For your second question you need a router.

Again, if you're actually going to do all this planning and installation yourself, you (and your company) would be better off with a course.

Cheers,
Henrik Morsing
IBM Certified AIX 4.3 Systems Administration
 
Manager! We don't need no stinking Manager! <lol>
I know it'll make you cry, but I'm it. I'll ask myself tomorrow!
But in response to your answer to 1: Then I will need 4 routers: 1 where the internet comes in, 1 that the Admin WAP plugs into, 1 for the Library, 1 that the Lab's WAP plugs into.

For your answer to 2: To connect the subnets up to the internet access router I would use port forwarding? I can't point to it as the gateway from all subnets right?

I still don't know what to do with the Admin office that plugs directly into the switch. It seems silly to get a router for that, but if I want to subnet and I understand it correctly, I'll need to.

Thank you for the info. I am fairly quick on the uptake and am plowing through a book on networking as we speak, but they want a plan now, not in the couple of weeks it'll take for me to get a handle on it. (Of course, by "handle on it" I mean just enough know-how to totally mess things up.)

God hates me and the Devil doesn't want the competition.. -Phage Devlin
 
We have several sources of information on our site. All free :)

There are several good books on IP addressing, but one in particular is TCP/IP Addressing, 2nd edition, by Buck Graham. Lots of useful info.


MikeS
Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
RingReaver,

If you buy a router with multiple interfaces, you can do all of your routing in a single box, which will make your management much easier.

Yes, you can run 2 subnets over a single physical media, however you will only have a logical separation of traffic. Each computer will receive all of the packets on the physical media (unless you are using switches) and will simply drop the packets not intended for its subnet. Unfortunately, a sniffer application will fix that, and make all packets available.

Your router can easily "bridge" the library with the lab. I would personally put the lab and the library on separate subnets, with a route defined to allow traffic between them.

You can use Access Control Lists (ACLs) on the router to provide a limited amount of control over which computers may talk to which computers, but you really have no security whatsoever.

Please use an RFC 1918 compliant addressing scheme. If you implement it now, it will save you a great deal of pain down the road.

Good luck!
pansophic
 
Questions:

Do you want internet (outbound) access from all (100+) PCs?
Do you want the internet to access ANY of the PCs?
(Major Security Issue!!!)
Isolating LANs (locally) is simply a matter of custom subnetting a local private address, say 172.168.0.0 255.255.0.0, into several subnets. Masking bits used in the third byte are inversely proportional to how many hosts-per-subnet you can get. With only 100 PCs in the entire org., you can do this easily with a mask of 255.255.240.0. This gives you 14 nets with "2 to the twelfth minus two" hosts (4094) per subnet. That should give you plenty of host space.

Set up a single router with as many interfaces as you require subnets. Put this inside as a direct connection to the WAP router. Route traffic between the subnets appropriately with access-lists (filter statements) that cause certain traffic to be allowed or denied based upon source or destination network/host IP address.

This can be done easily with a small server (Win2k) running Routing and Remote Access with at least 4 interfaces. Set it up to NAT internal addresses outbound to the Internet (or NOT). You should have some kind of access server, if for nothing else than to create and maintain system and user policy for the Winxxx client environment. A Win2k Domain Controller is great at this. It allows a single logon for all clients from any computer, restricts access to certain computers from certain users, etc.

And yes, by the way, take a course...

Just a thought....
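A worked subnet plan for the layout discussed in this thread (pansophic's advice to stay inside RFC 1918 and the 255.255.240.0 split in the last reply), added here as an example and not taken from any post. It uses Python's standard ipaddress module; the 172.16.0.0/16 base and the segment names (Admin, Lab, Library) are assumed for illustration.

```python
"""Subnet planner for a small campus LAN (added example, not from the thread).

Given a private base block and a target mask, it lists the resulting subnets
and usable host counts, and refuses any base that is not an RFC 1918 range
(10/8, 172.16/12, 192.168/16), so the scheme cannot collide with public space.
"""
import ipaddress

# The three RFC 1918 private address blocks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(net):
    """True if the whole block lies inside one of the RFC 1918 ranges."""
    n = ipaddress.ip_network(str(net), strict=False)
    return any(n.subnet_of(p) for p in RFC1918)


def plan_subnets(base, mask):
    """Split `base` (e.g. '172.16.0.0/16') by a dotted-decimal `mask`.

    Returns (subnet_count, usable_hosts_per_subnet, subnets). A /16 split by
    255.255.240.0 yields 16 subnets of 4094 usable hosts; older practice
    skipped the all-zeros and all-ones subnets, which is where "14 nets" comes from.
    """
    base_net = ipaddress.ip_network(base, strict=False)
    if not is_rfc1918(base_net):
        raise ValueError(f"{base_net} is not an RFC 1918 private block")
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    if new_prefix <= base_net.prefixlen:
        raise ValueError("mask must be longer than the base prefix")
    subnets = list(base_net.subnets(new_prefix=new_prefix))
    usable = subnets[0].num_addresses - 2  # minus network and broadcast
    return len(subnets), usable, subnets


def assign_segments(base, mask, names):
    """Give each named segment (Admin, Lab, Library, ...) its own subnet."""
    count, _usable, subnets = zip_plan = plan_subnets(base, mask)
    if len(names) > count:
        raise ValueError(f"only {count} subnets available for {len(names)} segments")
    return {name: str(net) for name, net in zip(names, subnets)}


if __name__ == "__main__":
    # Assumed campus layout: three segments carved from 172.16.0.0/16.
    for seg, net in assign_segments("172.16.0.0/16", "255.255.240.0",
                                    ["Admin", "Lab", "Library"]).items():
        print(f"{seg:8s} {net}")
```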