12-15-2003 10:55 AM - edited 03-02-2019 12:21 PM
Cisco newbie after some advice.
We currently run a small network of around 200 PCs and a handful of servers across a 193.xxx.xxx.xxx 255.255.255.0 IP range & subnet.
Our gateway is on a VLAN 193.xxx.xxx.1 which is connected to the rest of the building and other depts.
Our internet goes through the VLAN via a proxy:
172.xxx.xxx.xxx:8080
Due to some recent unpleasant attacks involving blaster worms, I was wondering if the following is possible to implement.
I would like to keep the servers on the 193.xxx.xxx.xxx IP range and run the workstations on a 255.0.0.0 subnet if at all possible. This would allow me greater scope for assigning new IPs and workstations across the network and allow me to block certain ports i.e. port 135.
The network is based on Active Dir on Win2k3 machines with workstations all running XP PRO.
I have been given 2 Cisco 2600 routers to try and implement this task; I was just wondering if I am way out of line even attempting this.
The main priority is allowing access to AD and also the proxy server.
Any ideas or comments most welcome.
Many Thanks
Chris
12-15-2003 11:17 AM
Hello Chris,
When you use 193.x.x.x/8 and 193.x.x.x/24 on the same network you will have a problem with overlapping address space. I would subnet the range into something smaller, like 255.192.0.0 (which would give you roughly 4 million hosts per subnet) or 255.224.0.0 (which equals roughly 2 million hosts per subnet). I guess the rule to follow is to make the subnets as small as possible because that gives you more flexibility in the future. If you create two large subnets that cover the entire address space you will have to renumber everything later in case you need a third or fourth subnet.
With your two 2600 routers you are OK; you could even use just one and work with secondary addresses on your (Fast)Ethernet interface.
HTH,
Georg
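The overlap and subnet sizes described in the reply above, worked through as an added example that is not part of the original thread. The server range 193.10.20.0/24 is a constructed stand-in for the masked addresses, and the helper names are hypothetical.

```python
import ipaddress
from itertools import combinations

def usable_hosts(cidr):
    """Usable IPv4 hosts in a prefix (network and broadcast excluded)."""
    return max(ipaddress.ip_network(cidr).num_addresses - 2, 0)

def find_overlaps(plan):
    """Return name pairs from {name: cidr} whose prefixes share addresses."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def carve(parent, new_prefix, reserved):
    """Split parent into /new_prefix subnets and keep those clear of reserved."""
    taken = [ipaddress.ip_network(r) for r in reserved]
    return [str(s)
            for s in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)
            if not any(s.overlaps(t) for t in taken)]

# Constructed stand-in for the thread's masked 193.xxx.xxx.xxx/24 server range.
SERVERS = "193.10.20.0/24"

# The plan as first proposed: workstations on 255.0.0.0 alongside the servers.
NAIVE_PLAN = {"servers": SERVERS, "workstations": "193.0.0.0/8"}

# The suggested alternative: smaller subnets that leave the server range alone.
FREE_10 = carve("193.0.0.0/8", 10, [SERVERS])   # mask 255.192.0.0
FREE_11 = carve("193.0.0.0/8", 11, [SERVERS])   # mask 255.224.0.0
FIXED_PLAN = {"servers": SERVERS, "workstations": FREE_10[0]}

if __name__ == "__main__":
    print("naive overlaps:", find_overlaps(NAIVE_PLAN))
    print("fixed overlaps:", find_overlaps(FIXED_PLAN))
    for cidr in (FREE_10[0], FREE_11[0]):
        net = ipaddress.ip_network(cidr)
        print(cidr, net.netmask, usable_hosts(cidr), "usable hosts")
```

The subnets left over in `FREE_10` and `FREE_11` are the room for a third or fourth subnet later without renumbering.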
12-15-2003 12:35 PM
Many thanks, I am going to give it a whirl using a smaller subnet for the workstations and keep the servers and web services on the 193.xxx.xxx.xxx IP range.
Should be interesting to see if all goes to plan, but I will implement it on our test lab first before going live.
Many Thanks
Chris