Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
240
Views
0
Helpful
2
Replies

Cisco Newbie

chrishop
Level 1
Level 1

‎12-15-2003 10:55 AM - edited ‎03-02-2019 12:21 PM

Cisco newbie after some advice.

We currently run a small network of around 200 pc’s and a handful of servers across a 193.xxx.xxx.xxx 255.255.255.0 IP range & subnet.

Our gateway is on a vlan 193.xxx.xxx.1 which is connected to the rest of the building and other depts.

Our internet goes through the vlan via a proxy:

172.xxx.xxx.xxx:8080

Due to some recent unpleasant attacks involving blaster worms, I was wondering if the following is possible to implement.

I would like to keep the servers on the 193.xxx.xxx.xxx IP range and run the workstations on a 255.0.0.0 subnet if at all possible. This would allow me greater scope for assigning new IP’s and workstations across the network and allow me to block certain ports i.e. port 135.

The network is based on Active Dir on Win2k3 machines with workstations all running XP PRO.

I have been given 2 Cisco 2600 routers to try and implement this task, was just wondering if I am way out of line even attempting this.

The main priority is allowing access to AD and also the proxy server.

Any ideas comments most welcome.

Many Thanks

Chris

Labels:
0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎12-15-2003 11:17 AM

Hello Chris,

when you use 193.x.x.x/8 and 193.x.x.x/24 on the same network you will have a problem with overlapping address space. I would subnet the range into something smaller, like 255.192.0.0 (which would give you roughly 4 million hosts per subnet) or 255.224.0.0 (which equals roughly 2 million hosts per subnet). I guess the rule to follow is to make the subnets as small as possible because that gives you more flexibility in the future. If you create two large subnets that cover the entire address space you will have to renumber everything later in case you need a third or fourth subnet.

With your two 2600 routers you are ok, you could even use just one and work with secondary addresses on your (Fast)Ethernet interface.

HTH,

Georg

0 Helpful

chrishop
Level 1
Level 1
In response to Georg Pauwen

‎12-15-2003 12:35 PM

Many thanks, I am going to give it a whirl using a smaller subnet for the workstations and keep the servers and web services on the 193.xxx.xxx.xxx IP range.

Should be interesting to see if all goes to plan, but I will implement it on our test lab first before going live.

Many Thanks

Chris

0 Helpful
Customers Also Viewed These Support Documents