Re: splitting LAN into segments

snickered · ‎11-15-2005

I have a single router for my LAN running NAT and no routing protocol. It is a very basic setup; the fa interface is connected to a cheap hub and I have a couple of hubs daisy chained together to serve all of my workstations. Recently I setup a VPN server and now I am having second thoughts. None of the computers coming in on the VPN are worthy of being on my network through my eyes (I am terrified of viruses and other buggers).

I have tried to talk my boss into getting a nice switch so I can implement some VLANs but he is lazy. Now I think I want to setup a virtual interface on my router. I just need to make sure that I have my theory correct. Here is what I want to do:

1. Create virutal interface on fa.

2. Configure routing protocol(which should I use for a network of ~60 workstations?)

3. Setup separate subnet for the VPN computers.

4. Setup access-lists to deny VPN computers rights to my existing LAN.

I have a question about 3. Since I have my existing LAN like 10.10.21.0/24 wouldn't it be smart to just make another LAN with another /24 mask? That way I wouldn't have to mess with all of my workstations' IP settings. I am not very good with IOS, so I was wondering what the basic idea is on setting up another subnet. Does anyone have a couple of commands for me? Is my theory correct and a good idea?

-Steven-

glen.grant · ‎11-15-2005

If everyone is on the same hubs then you are not going to be able to what you want without replacing all your hubs with manageable switches that will support trunking and vlans down from the router . You also have to check and make sure the router even supports trunking, not all do , depends on what software you are running . If you want to separate the users , they will be on separate subnets in different ip address ranges so you will have to modify user end station ip nic settings. If you have another ethernet interface on the router then you can create another subnet and then break apart your hubs and put the users you want on the hub , but you will end readdressing the users nics.

snickered · ‎11-15-2005

Thanks. I guess a switch is the only way to go. Would you happen to know if my router supports trunking? Show version gives me the following:

IOS (tm) C2600 Software (C2600-IPBASE-M), Version 12.3(6a), RELEASE SOFTWARE (fc4)

-Steven-

glen.grant · ‎11-15-2005

Not positive but I thought you needed to have at least the "ipplus" version, not sure the base version you have will support it .

ankurbhasin · ‎11-15-2005

HI Friend,

For router to support trunking it should have ip plus feature.

Regards,

Ankur

snickered · ‎11-15-2005

Thanks to the both of you for that information. Now I have another question. If I install this IPPLUS version will it wipe out my configs? I can install IPPLUS on this router, right?

-Steven-

glen.grant · ‎11-15-2005

You would have to check the memory requirements and verify the router has enough to support it . Iplus will be somewhat larger than what you are running . Also you will need a maintenance contract to be able to download off the cisco site . It should not wipe out any config if you upgraded.

snickered · ‎11-15-2005

Thanks for all your help and patience with me.

-Steven-