setup a small private (isolated) network within the current network

mateens
Level 1

brain freeze.... need help

How can I set up a small network with a private IP range within an existing network which has a public IP range?

That small network would be on a separate switch and would be used to control industrial ovens remotely (over the internet).

As of today, the web server is in our DMZ, which can be accessed from outside.


balaji.bandi
Hall of Fame

You can do this with another VLAN configured in the existing network and extend that VLAN to the new switch.

Does this make sense?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

How can web server communicate with the devices on the private network?

The private network will not communicate with anything on the Internet unless you configure NAT on your edge router or firewall.

HTH

Devices in the private network just need to communicate on some port with the webserver living on a public IP address in the DMZ. NAT between the private network and webserver?

If the DMZ and the web server are local to your environment (not going over the Internet), you just need to configure the routing for them to communicate, but if the server needs to be accessed over the internet then you need NAT.

Here is a link with the example for configuring NAT:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/260-cisco-router-nat-overload.html

HTH

Thanks for the replies.
The webserver has a public IP open for HTTPS from the internet.
Devices which will connect to the new switch will get IP addresses from that new switch and will get a gateway in the same private IP range.
If I connect that new switch to the existing switch in the network, which runs all public subnets, what are my options to make the devices on the new switch communicate with the webserver?
Devices do not need to go to the internet. They just need to connect with the webserver (locally) on some port to be managed.

If you would like to use private IP addresses, as suggested in the other post, you need to do NAT.

If you would like to use public IPs on the same switch, then extend the DMZ VLAN to the new switch, so the new devices have public IP addresses also.

If possible, can you make a small topology diagram of your network, so we get a clear picture of what devices are in the network and how they are connected?

If it is as simple as in the URL mentioned in the other post, then that is the best way for your requirement.

BB


[Attached image: 2019-01-06 02.28.14 pm.jpg]

This is the current topology:

- Webserver in DMZ is connected to ovens, which is accessible from the internet to control them, i.e. temp, start/stop, etc.

Required:

- New switch was needed to connect more ovens.
- New controller would be connected for better controls (not managed by me).
- Keep the ovens network as isolated as possible from production while the web server is still accessible from the internet for remote mgmt.
- Web server can be moved

 

Hope this makes things clearer...

Hello Mateensaadatbaig,

Greetings,

Usually the DMZ is a zone that has a middle security level between the Private (INSIDE zone), which should have the highest security, and the Public (OUTSIDE zone), which should have the least security!

The idea is that the highest security zone can reach any lower security zone, while the opposite is not true!

Usually we do such a job by means of a firewall.

Through that firewall, we arrange the areas as well as the policies, where you can define what host or network can be reached from what host or network, etc.

Maybe I don't fully understand what you are planning to do! So if you provide us with more details, including what devices you have in your project, we can take the hardware limitations or feature availability into account during the design!

Please, don't forget to rate any helpful responses! 

Bst Rgds,

Andrew Khalil
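
An added example, not part of any post in this thread: one way to express the isolation asked for above on a Cisco IOS device that routes between the oven VLAN and the DMZ, so that the ovens can reach only the web server on one management port and nothing else can open connections to them. VLAN 50, 192.168.50.0/24, 203.0.113.10 and TCP 8443 are assumed placeholder values, and the device doing the routing is assumed to be the ovens' default gateway.

```cisco
! Added example. Assumed values: VLAN 50 and 192.168.50.0/24 for the ovens,
! 203.0.113.10 (documentation range) for the DMZ web server, and TCP 8443
! for the management port. Replace all of them with your own.
vlan 50
 name OVENS
!
! Traffic the ovens send: only to the web server on the management port.
! If this device also hands out DHCP leases on Vlan50, add above the permit:
!  permit udp any eq bootpc any eq bootps
ip access-list extended OVENS-IN
 permit tcp 192.168.50.0 0.0.0.255 host 203.0.113.10 eq 8443
 deny   ip any any log
!
! Traffic routed toward the ovens: only replies from the web server to
! sessions the ovens opened. Production hosts and the internet are dropped.
ip access-list extended OVENS-OUT
 permit tcp host 203.0.113.10 eq 8443 192.168.50.0 0.0.0.255 established
 deny   ip any any log
!
! Gateway for the oven network. No "ip nat inside" is configured here,
! so the private range is never translated toward the internet.
interface Vlan50
 description Isolated oven network
 ip address 192.168.50.1 255.255.255.0
 ip access-group OVENS-IN in
 ip access-group OVENS-OUT out
 no ip redirects
 no ip proxy-arp
!
```

`show ip access-lists OVENS-IN` displays per-line match counters, so hits on the logged deny lines show anything on the oven network trying to reach production or the internet.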
