12-30-2010 01:53 PM - edited 03-06-2019 02:46 PM
I have a phone server that I need to share with clients on two different subnets. Subnets A and B each have their own Cisco 3560G switch, their own Cisco 1841 router and their own Internet connection. The phone server is currently attached to a 3560G switch on subnet A. How can I get the clients attached to their 3560G switch on subnet B access to the phone server on subnet A without involving the routers? Is it possible? One suggestion I had was installing two NICs on the server and assigning each NIC to a different subnet. Regrettably, the server software won't work in that configuration, so I am forced to use one NIC with two IP addresses. Any ideas? Inter-VLAN routing? Trunking? Etc.?
12-30-2010 04:07 PM
Without routing your options are pretty limited.
Either two NICs, which you say isn't supported, or a trunk into the server and have the server have interfaces on both VLANs. This will depend on your OS, and I'm not sure why this would work but a second NIC will not.
And of course you need to consider the security implications of doing this. If that server gets compromised, then it can be used to access the other customer.
Really you should do this via routing. Have a subnet that both customers can access and use ACLs to limit what traffic can get in and out.
Joe
12-31-2010 06:35 AM
Thanks Joe. My server is running Windows 2003 SP2. My supervisor refuses to let me use a router and insists that a second NIC will cause issues with the software on the server that the clients use. He refuses to let me install a NIC. So I'll have to look into your recommendation about a trunk into the server with interfaces on both VLANs. On that idea, can you elaborate some? I am still learning about VLANs and would appreciate an example or some guidance on this.
01-02-2011 01:43 PM
Honestly I have never done this with Windows, but here is the direction I would look. First your NIC card has to support VLANs. This might be called VLAN, Trunking or 802.1q support in the NIC's BIOS.
Then the drivers for the NIC will need to be able to configure which VLANs to use and which network is on which VLAN. This would be in a similar place that you would configure NIC teaming, duplex, etc.
Again, routing would be the best way to accomplish this, but I understand that sometimes the best way is not available.
Best of luck,
Joe
01-02-2011 09:36 PM
If I understood correctly, you have two 3560s, each going to its own 1841, and no connection between the switches. I would create a 3rd VLAN for servers on one of the sws and connect the server (you could even get your sup to buy you some GBICs and place your server on a gig port to avoid bottlenecks). Connect the switches together using the no switchport command on each interface (using gig ports on each side would be nice too), assign an IP address on the same subnet to each interface on both switches and then play with your favorite routing protocol on the switches. You could advertise routes for each subnet at will or use ACLs on either one of the ports to filter traffic from the switch with a single VLAN to the one with the client and server VLANs. On the switch that has the client and server VLANs, create SVIs for inter-VLAN routing; you can use VLAN access maps or ACLs on the SVIs for some filtering too. Don't forget to configure the SVIs for each VLAN on each switch and use them as the gateway for your end devices. If your end devices need both access to inter-VLAN resources and the Internet, you can configure the port on each switch going to the router as a L3 port too (on a different subnet than the ones between the sws and for the client and server VLANs) and configure a default route pointing to each one of the 1841s on each 3560, or if you prefer, use a routing protocol between each sw and its 1841 and inject a default route from the router.
HTH
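The routed-link design from the last reply, sketched as an added example (not posted by anyone in the thread): static routes are swapped in for the routing protocol, and ACLs on the inter-switch link expose only the phone service, which addresses the cross-customer exposure raised earlier. All VLAN IDs, addresses, interface numbers and the SIP/RTP port ranges are assumptions; substitute the values and ports your phone software actually uses.

```cisco
! ===== Switch A (clients A + phone server); all numbering is constructed =====
ip routing
!
vlan 30
 name PHONE-SERVER
!
interface Vlan10
 description Clients A gateway
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan30
 description Phone server gateway (server assumed at 10.10.30.10)
 ip address 10.10.30.1 255.255.255.0
!
! Only phone traffic from subnet B may reach the server; nothing from B reaches clients A.
ip access-list extended FROM-B-IN
 permit udp 10.10.20.0 0.0.0.255 host 10.10.30.10 eq 5060
 permit udp 10.10.20.0 0.0.0.255 host 10.10.30.10 range 16384 32767
 deny   ip any any log
!
interface GigabitEthernet0/1
 description Routed link to Switch B
 no switchport
 ip address 10.10.255.1 255.255.255.252
 ip access-group FROM-B-IN in
!
ip route 10.10.20.0 255.255.255.0 10.10.255.2
!
! ===== Switch B (clients B) =====
ip routing
!
interface Vlan20
 description Clients B gateway
 ip address 10.10.20.1 255.255.255.0
!
! Stateless return filter: the server may only send from its phone ports.
ip access-list extended FROM-A-IN
 permit udp host 10.10.30.10 eq 5060 10.10.20.0 0.0.0.255
 permit udp host 10.10.30.10 range 16384 32767 10.10.20.0 0.0.0.255
 deny   ip any any log
!
interface GigabitEthernet0/1
 description Routed link to Switch A
 no switchport
 ip address 10.10.255.2 255.255.255.252
 ip access-group FROM-A-IN in
!
! Route only the server VLAN, not client VLAN 10, so subnet A clients stay unreachable.
ip route 10.10.30.0 255.255.255.0 10.10.255.1
```

These ACLs are stateless, so the return-direction filter on Switch B matches on source port only; the `log` keyword on the final deny gives a record of anything else attempting to cross the link.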