Network Design Help

davegilmore77 · ‎08-19-2007

Good afternoon Ladies and Gentlemen.

Advice on the following network design would be very much appreciated as I've just had a 2811 dumped on my desk which I have to use to solve the following problem:

2811 with 16 port switch and wireless modules.

WAN will have a static IP address fed by a 10mbps 1:1 pipe.

Can the 2811 assign Different DHCP subnets to each port from the switch?

For Example:

- 192.168.1.0/24 to Fast Ethernet 1/0

- 192.168.2.0/24 to Fast Ethernet 1/1

- 192.168.3.0/24 to Fast Ethernet 1/3

I'm expecting around 300 concurrent users (capped at 256kbps) on the LAN across three different buildings and a transparent Proxy server.

Any suggestions on ideal setup would be appreciated.

Cheers

mihai.gagea · ‎08-20-2007

Yes, it is possible.

First you have to assign ip addresses to each of this interfaces. These ip addresses will act as gateways for each network.

Next you'll have to define 3 DHCP pools. And last you'll have to configure each interface to forward the dhcp broadcasts it receives to the DHCP service. It should look like this:

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.2.1

ip dhcp excluded-address 192.168.3.1

ip dhcp pool LAN_1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

ip dhcp pool LAN_2

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

ip dhcp pool LAN_3

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

interface Loopback 0

ip address 10.0.0.1 255.255.255.255

interface Fast Ethernet 1/0

ip address 192.168.1.1 255.255.255.0

ip helper-address 10.0.0.1

interface Fast Ethernet 1/1

ip address 192.168.2.1 255.255.255.0

ip helper-address 10.0.0.1

interface Fast Ethernet 1/3

ip address 192.168.3.1 255.255.255.0

ip helper-address 10.0.0.1

This configuration should work, it's not the best you can get but it will do untill you find something else. I'm using a Loopback address for the DHCP service cause a Loopback can never be down. You can use any ip address configured on the router for the "ip helper-address" destination, but you have to make sure that ip is always up.

davegilmore77 · ‎08-23-2007

Thank you for pointing me in the right direction. I have since configured a similar install however I now have a new challenge:

I created VLAN's for each Switch port in the 2800 Route, assigned a gateway IP address for each VLAN and then assigned a DHCP scope to each one.

I now have:

fastethernet1/0 - VLAN2 - 192.168.1.0/24

fastethernet1/1 - VLAN3 - 192.168.2.0/24

fastethernet1/2 - VLAN4 - 192.168.3.0/24

&

WAN: fastethernet 0/0 - 192.168.0.1

Great so far. (I think...)

I have an authentication appliance connected to the WAN interface for billing purposes.

Whenever I successfully authenticate through the Zyxel appliance (yes I said Zyxel), The first authentication works great, however every other connection (from the same subnet)doesn't require authentication.

I think this is NAT and ACL related, Could someone confirm this hopefully with some help?

Thanks everyone... =)

mihai.gagea · ‎08-27-2007

I think it's a NAT issue. You must be NAT-ing the whole VLAN X addresses into one address. And your appliance identifies users by their ip addresses, therefor all hosts from one vlan will be treated like one user, so except for the first one, they will be considered authenticated.

I'm not sure how you can solve this. I have some ideeas but i need more information.

lamav · ‎08-27-2007

Hi:

It seems like youre getting some great help frfom Mihai, but I would like you to post your complete config, if you can, for others' edification. can you?