Dear Senior Fellows,
I am a system-side person, but I have experience in networks too, and now I have an opportunity to handle a large network from scratch. This is an educational institute; the previous network person just left the job and I joined. I surveyed the whole setup and found lots of issues. I will discuss my findings and suggested solution; please help me in this regard. It is a great honor for me.
Current Setup Findings
Main Site Nodes
Remote Site-1 Nodes
Remote Site-2 Nodes
Remote Site-3 Nodes
Grand Total=1050 Nodes
Now here is a picture of my computers/nodes. All three sites are connected with a 2 MB link. All major departments have a Cisco 2900 switch for connectivity; further, some departments have their own switches, like Allied Telesyn and D-Link, for further segregation. In the server room we have Cisco Layer 3 Catalyst 3700 and Catalyst 3500 switches, but they are just working as Layer 2 devices; all connections from departments are just dropped into these switches. We have a PIX-525 firewall which is not in use because it does not have a DMZ interface (my staff told me). No central IP scheme is defined, e.g. some departments are on 192.168.x.x, some on 172.16.x.x and some on the 10.x.x.x network, and they get their service from a Linux Squid server, which is a multi-homed computer: one interface has a public IP and the other has all these IP ranges, given to interconnect all these schemes … So lots of traffic, broadcasts, collisions and IP conflicts are happening. People are even allowed public IPs, because the public and private networks drop onto the same switch; sometimes public IPs gave IP conflicts because someone tried to give a public IP to his computer to get faster access to the internet. This is a pathetic condition: no VLANs. We have services like EMAIL, DNS, WEB, PORTAL .. they are all given public IPs. Remote sites are also getting internet from the main site via the 2 MB link. I think it is good bandwidth for these users, but there are lots of complaints of network connectivity and slow internet.
The above-mentioned condition is very sad, but I have to fix all this, and I need proper advice from you people. My plans are like:
1- Proper new IP scheme
2- Define VLANs at departmental level
3- Inter-VLAN routing between VLANs through Layer 3 switches
4- Redesign LAN topology
5- Server room re-infrastructure of switches/router/PIX
First of all I want to design a new IP scheme, like:
Main site = 192.168.100.X
Site-1 = 12.168.200.X
Site-2 = 192.168.210.X
Site-3 = 192.168.220.X
Please convey the best possible solution, step-wise or complete.
We have taken this type of approach and it seems to work well and is easy to isolate issues. While there are many ways to do this, and some better than others, this is what works for us.
Infrastructure IP Addressing
- The first octet, 10., is just the class A private IP address block we choose for our network.
- The second octet, 10.X., is to designate which site or office the IP address range is assigned to.
- Site 1 – 10.1.0.0
- Site 2 – 10.2.0.0
- Site 3 – 10.3.0.0
- Site 4 – 10.4.0.0
- And so on
- The third octet, 10.X.X., is to designate the VLAN the IP address is a part of.
- VLAN 2 is Network equipment (routers, riverbeds, switches, etc.)
- VLAN 3 is Servers
- VLAN 5 is Printers
- Desktop and Laptop VLANs are assigned based on floor. We add 100 to the floor number and we get the VLAN ID based on that; for example, the third octet for New York’s 18th floor would be 118, so a user would be 10.15.118.X. Or you can do this based on department.
- VoIP VLANs are assigned based on floor like the Desktops and Laptops, except we add 200 to the floor number (so that means no floors over 255… :) ). Again this can be done by department.
- The fourth octet, 10.X.X.X, is assigned manually or by DHCP depending on the type of equipment.
Here are some examples:
- 10.1.3.55 – This is a server in Site 1 in VLAN 3 and it is named Site55 based on the last octet. Note: servers are the only ones where the last octet means anything, and we name the server so it matches the last octet.
- 10.2.118.54 – This is a workstation in Site 2 on the 18th floor in VLAN 118.
- 10.2.218.64 – This is a VoIP phone in Site 2 on the 18th floor in VLAN 218.
- 10.4.5.20 – This is a printer in Site 4 in VLAN 5.
- 10.3.2.1 – This is a piece of network gear in Site 3 and is in VLAN 2.
Hope this helps. Please rate helpful posts.
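As an added example (not from the original post), a small Python helper that applies the scheme above in both directions: build an address from site, VLAN and host, and decode an existing 10.x address back into site, VLAN, role and floor. The floor limits it enforces are my assumption from the post's arithmetic: desktop floors below 100 so that 100+floor never reaches the 200+ VoIP range, and VoIP floors up to 55 so that 200+floor still fits in one octet.

```python
import ipaddress

# Fixed infrastructure VLANs from the post; the third octet is the VLAN ID.
FIXED_VLANS = {2: "network gear", 3: "server", 5: "printer"}
DESKTOP_BASE, VOIP_BASE = 100, 200  # user VLAN = base + floor number


def desktop_vlan(floor: int) -> int:
    # Assumption: desktop floors stay below 100 so 100+floor can never
    # land in the 200+ VoIP range (the post's 18th-floor example is 118).
    if not 1 <= floor <= 99:
        raise ValueError(f"desktop floor {floor} outside 1-99")
    return DESKTOP_BASE + floor


def voip_vlan(floor: int) -> int:
    # 200+floor must still fit in one octet, so VoIP stops at floor 55.
    if not 1 <= floor <= 55:
        raise ValueError(f"VoIP floor {floor} outside 1-55")
    return VOIP_BASE + floor


def address_for(site: int, vlan: int, host: int) -> str:
    """Build 10.<site>.<vlan>.<host>, rejecting out-of-range octets."""
    if not (1 <= site <= 255 and 1 <= vlan <= 255 and 1 <= host <= 254):
        raise ValueError("site, vlan or host octet out of range")
    return str(ipaddress.IPv4Address(f"10.{site}.{vlan}.{host}"))


def decode(addr: str) -> dict:
    """Map a 10.x.x.x address back to site, VLAN, role, floor and subnet."""
    ip = ipaddress.IPv4Address(addr)
    if ip not in ipaddress.IPv4Network("10.0.0.0/8"):
        raise ValueError(f"{addr} is outside the 10/8 infrastructure block")
    _, site, vlan, host = ip.packed  # the four octets as ints
    floor = None
    if vlan in FIXED_VLANS:
        role = FIXED_VLANS[vlan]
    elif DESKTOP_BASE < vlan < VOIP_BASE:
        role, floor = "desktop/laptop", vlan - DESKTOP_BASE
    elif vlan > VOIP_BASE:
        role, floor = "VoIP phone", vlan - VOIP_BASE
    else:
        raise ValueError(f"third octet {vlan} is not an assigned VLAN")
    return {"site": site, "vlan": vlan, "role": role, "floor": floor,
            "host": host, "subnet": f"10.{site}.{vlan}.0/24"}
```

Running `decode` over the five sample addresses in the post reproduces the site, VLAN and role given for each one.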