We currently run a small network of around 200 pcs and a handful of servers across a 193.xxx.xxx.xxx 255.255.255.0 IP range & subnet.
Our gateway is on a vlan 193.xxx.xxx.1 which is connected to the rest of the building and other depts.
Our internet goes through the vlan via a proxy:
Due to some recent unpleasant attacks involving blaster worms, I was wondering if the following is possible to implement.
I would like to keep the servers on the 193.xxx.xxx.xxx IP range and run the workstations on a 255.0.0.0 subnet if at all possible. This would allow me greater scope for assigning new IPs and workstations across the network and allow me to block certain ports i.e. port 135.
The network is based on Active Dir on Win2k3 machines with workstations all running XP PRO.
I have been given 2 Cisco 2600 routers to try and implement this task, was just wondering if I am way out of line even attempting this.
The main priority is allowing access to AD and also the proxy server.
when you use 193.x.x.x/8 and 193.x.x.x/24 on the same network you will have a problem with overlapping address space. I would subnet the range into something smaller, like 255.192.0.0 (which would give you roughly 4 million hosts per subnet) or 255.224.0.0 (which equals roughly 2 million hosts per subnet). I guess the rule to follow is to make the subnets as small as possible because that gives you more flexibility in the future. If you create two large subnets that cover the entire address space you will have to renumber everything later in case you need a third or fourth subnet.
With your two 2600 routers you are ok, you could even use just one and work with secondary addresses on your (Fast)Ethernet interface.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...