Trunks and VLANs and Firewalls, Oh my. (Part 1)
Posted 08-07-2008 at 08:44 PM by Bob_McMillen
This week I had the hardest project so far this year. Our project was to re-subnet a company in preparation for a merger. Since both companies had some crossover subnets, we had to change one side so both sides could communicate.
Changing a subnet basically means moving the IP addresses that the network communicates on to a new set of addresses. Since no two devices on a network can have the same IP address, you have to be careful when you have multiple offices with hundreds or thousands of devices. If you have a street where there are two houses with the same address, the postman will go ...postal on one of you. That means one of you will not get mail and the other will get twice as much.
In this case we were to not only change the subnet but also add VLANs so we could have several subnets running simultaneously. The theory was to be able to differentiate the traffic from servers to wireless to workstations.
This is a bit more complicated than the previous scenario. Instead of everyone having a different address on the same long and winding street, you have each house in its own zip code. It will work, but it will also cause the postman to take more time delivering the mail.
We decided the network devices like switches, routers and firewalls would run on VLAN 1, which is the default on every one of those types of devices anyway.
The second VLAN will be for servers. The third will be for workstations and wireless, and the last will be for VoIP phones. These types of phones operate solely on the same addressing and protocol that computers run on, which is TCP/IP.
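The crossover-subnet problem and the four-VLAN plan described above can be checked before any device is renumbered. The following is an added example, not part of the original post: every subnet, every VLAN ID other than 1, and both function names are constructed for illustration, and the plan contains one deliberate mistake so the check has something to catch.

```python
import ipaddress

# Constructed sample inventories (not from the post): subnets in use at each company.
COMPANY_A = ["192.168.1.0/24", "192.168.10.0/24", "10.20.0.0/16"]
COMPANY_B = ["192.168.1.0/24", "10.20.30.0/24", "172.16.5.0/24"]

# Constructed VLAN plan following the post's four roles. VLAN IDs other than 1
# and all prefixes are assumptions. The /23 on VLAN 20 is a deliberate error:
# it spans 10.50.20.0-10.50.21.255 and so swallows the VoIP /24.
VLAN_PLAN = {
    1: ("network devices", "10.50.1.0/24"),
    10: ("servers", "10.50.10.0/24"),
    20: ("workstations and wireless", "10.50.20.0/23"),
    30: ("VoIP phones", "10.50.21.0/24"),
}

def find_overlaps(side_a, side_b):
    """Return (a, b) pairs of networks whose address ranges intersect."""
    nets_a = [ipaddress.ip_network(n) for n in side_a]
    nets_b = [ipaddress.ip_network(n) for n in side_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]

def check_plan(plan, in_use):
    """List plan subnets that collide with each other or with subnets staying in use."""
    problems = []
    nets = {vid: ipaddress.ip_network(cidr) for vid, (_, cidr) in plan.items()}
    vids = sorted(nets)
    for i, v1 in enumerate(vids):
        # Compare each VLAN only against later ones so a pair is reported once.
        for v2 in vids[i + 1:]:
            if nets[v1].overlaps(nets[v2]):
                problems.append(f"VLAN {v1} {nets[v1]} overlaps VLAN {v2} {nets[v2]}")
        for cidr in in_use:
            if nets[v1].overlaps(ipaddress.ip_network(cidr)):
                problems.append(f"VLAN {v1} {nets[v1]} overlaps existing {cidr}")
    return problems

if __name__ == "__main__":
    for a, b in find_overlaps(COMPANY_A, COMPANY_B):
        print(f"crossover: {a} (A) <-> {b} (B)")
    for problem in check_plan(VLAN_PLAN, COMPANY_B):
        print(problem)
```

Note that an overlap is not only two identical subnets: the 10.20.0.0/16 on one side contains the other side's 10.20.30.0/24, which a plain string comparison of the two lists would miss.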
See the next segment to read about the good and the bad of what happened next.