Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco Newbie

Cisco newbie after some advice.

We currently run a small network of around 200 pc’s and a handful of servers across a 193.xxx.xxx.xxx 255.255.255.0 IP range & subnet.

Our gateway is on a vlan 193.xxx.xxx.1 which is connected to the rest of the building and other depts.

Our internet goes through the vlan via a proxy:

172.xxx.xxx.xxx:8080

Due to some recent unpleasant attacks involving blaster worms, I was wondering if the following is possible to implement.

I would like to keep the servers on the 193.xxx.xxx.xxx IP range and run the workstations on a 255.0.0.0 subnet if at all possible. This would allow me greater scope for assigning new IP’s and workstations across the network and allow me to block certain ports i.e. port 135.

The network is based on Active Dir on Win2k3 machines with workstations all running XP PRO.

I have been given 2 Cisco 2600 routers to try and implement this task, was just wondering if I am way out of line even attempting this.

The main priority is allowing access to AD and also the proxy server.

Any ideas comments most welcome.

Many Thanks

Chris

2 REPLIES
VIP Purple

Re: Cisco Newbie

Hello Chris,

when you use 193.x.x.x/8 and 193.x.x.x/24 on the same network you will have a problem with overlapping address space. I would subnet the range into something smaller, like 255.192.0.0 (which would give you roughly 4 million hosts per subnet) or 255.224.0.0 (which equals roughly 2 million hosts per subnet). I guess the rule to follow is to make the subnets as small as possible because that gives you more flexibility in the future. If you create two large subnets that cover the entire address space you will have to renumber everything later in case you need a third or fourth subnet.

With your two 2600 routers you are ok, you could even use just one and work with secondary addresses on your (Fast)Ethernet interface.

HTH,

Georg

Community Member

Re: Cisco Newbie

Many thanks, I am going to give it a whirl using a smaller subnet for the workstations and keep the servers and web services on the 193.xxx.xxx.xxx IP range.

Should be interesting to see if all goes to plan, but I will implement it on our test lab first before going live.

Many Thanks

Chris

79
Views
0
Helpful
2
Replies
CreatePlease to create content