This board has helped me out quite a bit this week. Thanks to everyone who offers assistance.
Where is the best place to learn about vlans? And, off the top of everyone's head, are the 2950 and 3550 switches capable of this? I see that I can have vlans on the switches, but I thought those were port specific?

Jeff Johnson
Systems Administrator
714-773-2600 Office
714-773-6351 Fax

From: Jason Morris [mailto:[email protected]]
Sent: Thursday, December 17, 2009 2:30 PM
To: NT System Admin Issues
Subject: RE: Need more IP addresses

A lot of us on here are Cisco-knowledgeable and should be able to help or bounce ideas off of. Good luck. :)

Jason

From: Jeff Johnson [mailto:[email protected]]
Sent: Thursday, December 17, 2009 4:11 PM
To: NT System Admin Issues
Subject: RE: Need more IP addresses

Thanks for the ideas. So far, I am not in a huge crunch, as I am the one who gives out the devices and I have not to give! I think I have a few weeks to decide how to do this and do it right.

The internet router we are currently using is a Cisco 2801 (owned and maintained by AT&T) plugged into a SonicWall Pro 2040 Firewall. From here, I have 8 Cisco 2950 Switches (IOS Version 12.1(9)EA1) plugged into a Cisco 3550 Switch (IOS Version 12.1(9)EA1c). I have a Cisco 1720 (NOT PLUGGED IN) that I own, which was replaced by the 2801 from AT&T.

The Cisco 2801 has one item plugged into the FE 0/0 port and nothing else. It looks like I have access to the FE 0/1, but don't know if AT&T will allow it. On my Sonicwall, I have X0 coming in from the router and X1 going to the Cisco 3550 Switch. I have an X2 port which is also unused.

Looks like I need to learn about vlans or go to 192.168.1.0/23.

Jeff Johnson
Systems Administrator
714-773-2600 Office
714-773-6351 Fax

From: Raper, Jonathan - Eagle [mailto:[email protected]]
Sent: Thursday, December 17, 2009 1:47 PM
To: NT System Admin Issues
Subject: RE: Need more IP addresses

+1 for Jason. What he describes below is exactly what we do, only our subnet mask is /16.
We have vlans for network gear, vlans for wireless users, vlans for wired users, etc. We've actually increased the complexity of our network considerably, largely because of rolling out 802.11n enterprise wide, and needing more granular control of groups of users and equipment.

For your situation, I would consider just opening up the subnet mask a few digits if you're in a pain point of needing immediate relief. (Not necessarily all the way to /16, though, because it is easy for things to get out of control if it isn't planned out well.) Ultimately, I'd seriously consider vlans, even if only to segment a couple of departments and your core infrastructure (Sales, R&D, Manufacturing, Administration, IT/Servers, etc).

If you have/get Cisco 3560 or 3750 switchgear with the enhanced image, you can route from vlan to vlan no problem, and you won't need another router to do it. I know Cisco isn't the only kid on the block, but it's what I've got experience with and I know it works. I'm betting you could do the same with HP Procurve or even D-Link, so long as your switch will do routing. Even if it doesn't, there may be a firmware upgrade that will allow you that possibility. You might have to pay for it, but in my opinion it is better/easier than having another piece of equipment to maintain.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
[email protected]
www.eaglemds.com

________________________________

From: Jason Morris [mailto:[email protected]]
Sent: Thursday, December 17, 2009 4:08 PM
To: NT System Admin Issues
Subject: RE: Need more IP addresses

+1 for Don.

If your equipment can handle it, it's best to vlan the network for both security and saturation. What I do is break down the 10.0.0.0 network like this.

10.1.x.0/24
10.2.x.0/24
10.3.x.0/24

Where the second octet is my site. 1 = HQ, 2 = RemoteSite1, 3 = RemoteSite2...etc.
Each of the third octet x is my VLAN at my site. I use 10.1.10.0 to start my user vlans off. Then count up from there, 10.1.11.0. None of my remote sites are big enough to have anything other than 1 VLAN so for support purposes they will always be 10.x.10.0...unless they have voip which I vlan off to 10.x.99.0 at all my sites. I leave everything from 10.1.0.0-10.1.9.0 for me to play with for all servers/services/anything for the company.

My suggestion is to spend some time to put your thoughts in a spreadsheet before actually implementing it. Just remember you'll need gateways for the VLANs to talk to each other. You'll also need "ip helper-address" (or non-cisco equivalent) for DHCP stuff.

Good luck.

Jason

From: Don Ely [mailto:[email protected]]
Sent: Thursday, December 17, 2009 2:51 PM
To: NT System Admin Issues
Subject: Re: Need more IP addresses

Don't add another router... How much do you know about VLAN's? Can you think of any use for them? How many sites do you have? The quick and dirty solution is to change the subnet mask... The more robust solution might include VLAN's...

On Thu, Dec 17, 2009 at 12:49 PM, Jeff Johnson <[email protected]> wrote:

I am in need of more IP addresses on my network. My current network looks like this:

192.168.1.x
255.255.255.0

I am using 248 IP's currently, so I have very little expansion available. I do see the potential to increase in the following year, so I had better get my butt thinking about this soon. Plus I have Christmas and New Year's holidays that I could work with no one on our network for 3 full days.

I am thinking about changing my subnet to something like 255.255.254.0 or 255.255.252.0. Would this be a good way, or would I be better adding an additional router and just creating a new 255.255.255.0 network on 192.168.2.x?

I guess my question is which is the "correct" way?
Jeff Johnson
Systems Administrator
714-773-2600 Office
714-773-6351 Fax

------------------------------------------------------------------------------------------

The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document.

________________________________

Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains.
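Added example, not part of the thread: a Python check of the two options discussed, widening the 192.168.1.x mask versus a 10.<site>.<vlan>.0/24 VLAN plan. It shows that re-masking 192.168.1.0/24 lands on the 192.168.0.0 boundary rather than 192.168.1.0, and that the /22 option swallows 192.168.2.x. The function names, the sample VLAN names and the use of the first host address as gateway are assumptions of this example.

```python
import ipaddress

CURRENT_LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN from the original post
RESERVED_VLANS = range(0, 10)  # 10.<site>.0.0-10.<site>.9.0 kept for servers/services

def widen(net, netmask):
    """Return the enclosing network when `net` is re-masked with a shorter netmask."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen
    return net.supernet(new_prefix=prefix)

def usable_hosts(net):
    """Host addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2

def is_network_address(cidr):
    """True only if `cidr` has no host bits set, i.e. it sits on a subnet boundary."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False

def vlan_subnet(site, vlan):
    """Subnet for a VLAN under the 10.<site>.<vlan>.0/24 scheme from the thread."""
    return ipaddress.ip_network(f"10.{site}.{vlan}.0/24")

def site_plan(site, vlans):
    """Map VLAN names to (subnet, gateway); reject duplicate or reserved VLAN numbers.

    The gateway being the first host address is an assumption of this example.
    """
    plan, seen = {}, set()
    for name, vlan in vlans.items():
        if vlan in seen:
            raise ValueError(f"VLAN {vlan} assigned twice")
        if vlan in RESERVED_VLANS:
            raise ValueError(f"VLAN {vlan} is in the range reserved for servers")
        seen.add(vlan)
        net = vlan_subnet(site, vlan)
        plan[name] = (net, net.network_address + 1)
    return plan

if __name__ == "__main__":
    for mask in ("255.255.254.0", "255.255.252.0"):
        wide = widen(CURRENT_LAN, mask)
        print(mask, "->", wide, "with", usable_hosts(wide), "usable hosts")
    print("192.168.1.0/23 on a boundary:", is_network_address("192.168.1.0/23"))
    # Constructed sample plan for site 1 (HQ): two user VLANs and the VoIP VLAN.
    for name, (net, gw) in site_plan(1, {"users": 10, "users2": 11, "voip": 99}).items():
        print(name, net, "gateway", gw)
```

Each VLAN subnet in such a plan still needs a routed gateway interface and a DHCP relay ("ip helper-address" on Cisco), as the thread notes.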
