Re: How do you divide your network?? (do you use vlan??)

2006-04-03 Thread Norberto Meijome
On Thu, 30 Mar 2006 00:19:52 -0800 (PST)
Mark Jayson Alvarez [EMAIL PROTECTED] wrote:

  I don't want to divide the network by physical topology since users
 frequently transfer to other departments...

If you add a firewall (pf / ipf / ipfw) you can control what kind of
traffic/broadcast goes where. Of course, for this you'd need all the
different segments to 'terminate' in a NIC in your pcrouter, rather
than all of them together in an unmanaged switch.

You can get dual and quad interface network cards, so you could have 12
network ports in your pcrouter. Then add another one with carp for
redundancy. And don't forget I just gleaned over your email, so I may be
way off the mark (didn't see any other replies... so I thought at least
I'd get something out there...)

good luck,
Beto
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
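
The layout suggested in the reply above, with each department segment terminating on its own NIC in the pcrouter, written out as a pf.conf ruleset. This is an added example, not part of the original thread; the interface names (em0 to em3) and the /24 masks are assumptions, and the subnets follow the 10.10.1 / 10.10.2 / 10.10.3 numbering from the original post.

```pf
# Constructed example (FreeBSD pf syntax). Interface names and /24 masks
# are assumptions; subnet numbering is taken from the original post.
ext_if   = "em0"              # uplink (public)
dept1_if = "em1"
dept2_if = "em2"
dept3_if = "em3"

dept1_net = "10.10.1.0/24"
dept2_net = "10.10.2.0/24"
dept3_net = "10.10.3.0/24"

# A table is used instead of a list macro because a negated list
# ("! { a, b }") expands into separate rules and matches everything.
table <lan> const { 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24 }

set skip on lo0

# Translation: the private ranges leave through the uplink address.
nat on $ext_if inet from <lan> to any -> ($ext_if)

# Default deny. Dropped packets are logged to pflog0 together with the
# interface they arrived on, which identifies the offending segment.
block log all

# Drop any packet whose source address belongs to a different segment
# than the NIC it arrived on (a dept1 host using a dept2 address).
antispoof log quick for { $dept1_if, $dept2_if, $dept3_if } inet

# Each department may reach the Internet, but only with a source address
# from its own subnet, and not the other departments.
pass in on $dept1_if inet from $dept1_net to ! <lan> keep state
pass in on $dept2_if inet from $dept2_net to ! <lan> keep state
pass in on $dept3_if inet from $dept3_net to ! <lan> keep state

# Traffic leaving on the uplink (already translated to the uplink address).
pass out on $ext_if inet from ($ext_if) to any keep state

# Services offered by the router itself to the departments need their own
# pass rules on each department interface; none are defined here.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -ttt -i pflog0` shows the logged drops with the receiving interface.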


How do you divide your network?? (do you use vlan??)

2006-03-30 Thread Mark Jayson Alvarez
Hi,
 
 How do you divide your network?? Our current setup looks like this, given all
switches are unmanaged.
 1 pc router has two interfaces. The 1st is the uplink to the internet and the
2nd is connected to our private lan switch. Now this private lan switch is then
connected to each switch of every department.
 
 Network A.)

                 / uplink (public)
                /
          [pcrouter]
                \
                 \   10.10.x.x
          [private lan switch]
             /      \        \
            /        \        \-[dept3 switch]
           /          \           10.10.3
   [dept1 switch]   [dept2 switch]
      10.10.1          10.10.2
 
 
 Now the problems we have encountered with this setup are:
 1. Mixed broadcast. The pc router has only one private interface which is
aliased to every subnet. (All traffic passes through it; I don't know what the
implication of this is.)
 2. A user on the dept1 switch can use IP addresses that belong to dept2 or
dept3, making it hard to track down the source in case there's flooding going on.
 3. When the router dies, all departments die. No failover.
 4. Haven't tried this yet, but can I implement DHCP with this kind of setup??
 
 
 Now trying to revise the network diagram, I came up with network B. This time
it is the same setup as network A but with failover, plus the private lan switch
is managed, with possible port filtering so that only IPs belonging to a subnet
are allowed to connect to that particular port.
 
 Network B.)

        :.......carp.......:
        :                  :
   [pcrouter1]        [pcrouter2]
        \                 /
         \               /
          \             /
           \           /
        [private lan switch] --- managed switch with port filtering
           /      \      \
          /        \      \-[dept3 switch]
   [dept1 switch]   [dept2 switch]
 
 Questions in mind:
 1.  Did it prevent mixed broadcasts??
 2. Again, is it possible to use DHCP since all are still connected to only 1 
aliased interface.
 
 Network C.)

                /
               /
         [pcrouter]
         /    |    \
        /     |     \
  [dept1]  [dept2]  [dept3]
 
 Now in this setup, the router will no longer have a single aliased interface.
Instead, it will have one interface for every subnet. Also, I'm assuming that
DHCP will be close to possible by now. The same with mixed broadcast...
(although I'm just assuming) it will be easy to prevent??
 
 Problems:
 1. failover was gone.. When the router dies, every department dies.
 2. any other negative implications??
 
 Network D.)

              [main uplink switch]
             /         |          \
            /          |           \
           /           |            \
   [pcrouter1]    [pcrouter2]    [pcrouter3]
        |              |              |
        |              |              |
  [dept1switch]  [dept2switch]  [dept3switch]
 
 Problems:
 1. Costly... must maintain a lot of pcrouters (we have more than 3
departments), no more space in our NOC.
 
 Network E.)
 
 Same with network B, but now with VLAN implementation...
 
 
 
 I don't want to divide the network by physical topology since users frequently 
transfer to other departments...
 
 So what do you suggest??
 
 
 Thanks
 - jay
 
 
 
 
 
