On May 28, 2006, at 11:49 PM, Atom Powers wrote:



Their main office location has:
- 3 external static IPs on a DSL connection (all aliased on one nic)
- an internal network of 10.0.0.0/255.0.0.0

How many computers are on this network? Probably less than 253. Make
sure your DHCP server is only giving out leases in, say, 10.0.0.1-254
range and then change it to a /24 subnet, or whatever fits your
environment.

Small network--about 20 at the main location, and maybe 2-3 at the secondary location, once it's up.


- a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed
and running off the firewall box)

NATed from the 10/8 network too? You may want to just route between
the wired and wireless, it will save you some headaches
troubleshooting things later. Security policies between the networks
should be implemented by the firewall.

Yeah, it was set up this way a couple years ago, and hasn't been changed in the meanwhile. I was thinking it would probably be a good idea to just do normal routing, which it sounds like you've confirmed :)


They are adding a second warehouse location. It will also have one
static IP address (running on DSL also). I'd like to get an IPsec
connection going between the locations so all warehouse traffic goes
through the main branch. I've done this much before.

They also want to subdivide up the network at their main location so
some terminals can be on gige and some are on 100. I believe I've
read you shouldn't mix and match 100/1000?

Do you know what your bandwidth usage is? Chances are very good that
the peak usage for the workstations is around 8-10Mbps. In other
words, you almost certainly don't need GigE. Even my file servers,
that service several hundred roaming profiles, peak around 70-80MBps.
Find out what your bandwidth usage is before you go out and spend
several thousand dollars on an upgrade that won't do you any good.
(I use cacti and SNMP agents to watch my bandwidth usage.)

It's not an issue for most of the workstations, but there are several workstations that do large file transfers (working with graphics, etc) on a regular basis. They support gige already (macs), the fileserver has gige (em interface) and there's an unused SMC switch available. I thought it was more complicated I think.

Assuming you have a switched network, you should have no problems
mixing your 10/100Base network with your 10/100/1000Base network. Even
if you were using hubs you shouldn't have a problem. (Do they even
make 1000Base Ethernet hubs?)


That's good to know. I had been unsure if there were issues relating to MTU issues--like if I enabled jumbo frames (the switch I have available supports jumbo frames, which I had read were good to enable)

I don't really have any experience with how subnetting and IP ranges
should work for a configuration like this (local network, remote
ipsec location, wireless network, etc).

Simple subnetting alone won't *really* separate two networks if they
share physical infrastructure. You would need to either completely
separate the physical networks or do something with 802.1q VLANs.
Either way you will need a router.

Looking for any assistance (advice, links, anything!) on how to set up
a sane and well-designed network.

Head down to your local privately owned book store and grab the
biggest book on TCP/IP that you can find. Chances are it will be
terribly dry and not very useful, but it is a place to start.

This book is very good, but probably way too technical for what you
are trying to do:
The Protocols (TCP/IP Illustrated, Volume 1) (Hardcover)
by W. Richard Stevens

Thanks for all your advice, I'll check that book out.

thanks,
Scott
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
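
An added example, not part of the original thread: a small check of the addressing plan discussed above, showing why the main office's 10.0.0.0/255.0.0.0 range collides with any 10.x subnet at the second site, and that the suggested 10.0.0.1-254 DHCP range fits a /24. The warehouse subnet 10.0.1.0/24 and the site names are assumptions made for illustration.

```python
import ipaddress


def overlaps(plan):
    """Return sorted pairs of site names whose subnets overlap.

    Overlapping subnets on either side of a routed link or an IPsec
    tunnel make the remote range unreachable, because hosts treat the
    remote addresses as local.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def dhcp_range_fits(cidr, first, last):
    """True if the lease range first..last lies on usable host addresses."""
    net = ipaddress.ip_network(cidr)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if not (lo in net and hi in net and lo <= hi):
        return False
    # Leases must not include the network or broadcast address.
    return lo != net.network_address and hi != net.broadcast_address


# Layout described in the thread, plus a hypothetical warehouse subnet.
CURRENT_PLAN = {
    "main-wired": "10.0.0.0/255.0.0.0",
    "wireless": "192.168.1.0/255.255.255.0",
    "warehouse": "10.0.1.0/24",      # assumed, not from the thread
}

# Same sites after shrinking the main LAN to a /24 as suggested.
PROPOSED_PLAN = dict(CURRENT_PLAN, **{"main-wired": "10.0.0.0/24"})

if __name__ == "__main__":
    print("current conflicts: ", overlaps(CURRENT_PLAN))
    print("proposed conflicts:", overlaps(PROPOSED_PLAN))
    print("DHCP 10.0.0.1-254 fits /24:",
          dhcp_range_fits("10.0.0.0/24", "10.0.0.1", "10.0.0.254"))
```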