Date:      Thu, 30 Mar 2006 00:19:52 -0800 (PST)
From:      Mark Jayson Alvarez <jay2xra@yahoo.com>
To:        questions@freebsd.org
Subject:   How do you divide your network?? (do you use vlan??)
Message-ID:  <20060330081952.44949.qmail@web51605.mail.yahoo.com>

Hi,
 
 How do you divide your network?? Our current setup looks like this. Given all switches are unmanaged.
 1 pc router has two interfaces. The 1st is the uplink to the internet and the 2nd is connected to our private lan switch. Now this private lan switch is then connected to each switch of every department.
 
 Network A.)
 
 
                  / uplink (public)
                 /
 [pcrouter]
                 \
                  \  10.10.x.x
         [private lan switch]
           /          |          \
          /           |           \
 [dept1 switch] [dept2 switch] [dept3 switch]
     10.10.1        10.10.2        10.10.3
 
 
 Now the problems we have encountered with this setup are:
 1. mixed broadcast. The pc router has only one private interface which is aliased to every subnet. (all traffic passes through it, don't know what's the implication of this)
 2. a user on dept1 switch can use ip addresses that belong to dept2 or dept3, making it hard to track down the source in case there's a flooding going on.
 3. When the router dies, all departments die. No failover.
 4. Haven't tried this yet, but can I implement DHCP with this kind of setup??
 
 
 Now trying to revise the network diagram, I came up with network B. This time the same setup as network A but with failover, plus the private lan switch is managed, with possible port filtering so that only IPs belonging to a subnet are allowed to connect to that particular port.
 
 Network B.)  
 
                   :.......carp.......:
                   :                            :
 [pcrouter1]                [pcrouter2]              
             \                                 /
               \                              /
                 \                           /
                   \                       /
              [private lan switch] ---------------> managed switch with port filtering
                     /             \                \
                    /               \                 \---------[dept3 switch]  
     [dept1 switch]   [dept2 switch]  
 
 Questions in mind:
 1.  Did it prevent mixed broadcasts??
 2. Again, is it possible to use DHCP since all are still connected to only 1 aliased interface.
 
 Network C.)
                     /
                    /
              [pcrouter]
              /    |    \
             /     |     \
       [dept1]  [dept2]  [dept3]
 
 Now in this setup, the router will no longer have a single aliased interface. Instead, it will have one interface for every subnet. Also, I'm assuming that dhcp will be close to possible by now. The same with mixed broadcast... (although I'm just assuming) it will be easy to prevent??
 
 Problems:
 1. failover was gone.. When the router dies, every department dies.
 2. any other negative implications??
 
 Network D.)
 
                                      [main uplink switch]
                                        /                 |                   \
                                      /                   |                    \
                                    /                     |                     \
                            [pcrouter1]   [pcrouter2]     [pcrouter3]
                                    |                          |                       |
                                    |                          |                       |
                          [dept1switch]   [dept2switch] [dept3switch] 
 
 problems:
 1. costly... must maintain a lot of pcrouters (we have more than 3 departments), no more space in our noc.
 
 Network E.)
 
 Same with network B, but now with VLAN implementation...
 
 
 
 I don't want to divide the network by physical topology since users frequently transfer to other departments...
 
 So.... what do you suggest??
 
 
 Thanks
 - jay
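
The following is an added example, not part of the original message: a small audit for problem 2 under Network A and the per-port filtering idea in Network B, flagging hosts that use an address outside the subnet of the switch port they sit behind. The /24 masks, the port names, the MAC addresses and the observation format are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: each department range from the diagram is a /24, and each
# department switch hangs off one named port of the managed switch.
PORT_SUBNET = {
    "port1": ipaddress.ip_network("10.10.1.0/24"),  # dept1 switch
    "port2": ipaddress.ip_network("10.10.2.0/24"),  # dept2 switch
    "port3": ipaddress.ip_network("10.10.3.0/24"),  # dept3 switch
}

# Constructed observations: (switch port, MAC, source IP), e.g. the managed
# switch's forwarding table joined with the router's ARP table.
OBSERVATIONS = [
    ("port1", "00:11:22:33:44:01", "10.10.1.20"),
    ("port1", "00:11:22:33:44:02", "10.10.2.57"),  # dept1 host on a dept2 address
    ("port2", "00:11:22:33:44:03", "10.10.2.57"),  # second MAC on the same address
    ("port3", "00:11:22:33:44:04", "10.10.3.9"),
    ("port3", "00:11:22:33:44:04", "10.10.1.99"),  # extra address from dept1 range
    ("port9", "00:11:22:33:44:05", "10.10.1.30"),  # port with no assigned subnet
]


def audit(observations, port_subnet=PORT_SUBNET):
    """Return (kind, port, mac, ip) findings for addresses used where they do not belong."""
    findings = []
    ip_owners = defaultdict(set)  # address -> {(port, mac)} seen using it
    for port, mac, ip in observations:
        addr = ipaddress.ip_address(ip)
        ip_owners[addr].add((port, mac))
        allowed = port_subnet.get(port)
        if allowed is None:
            findings.append(("unknown-port", port, mac, ip))
        elif addr not in allowed:
            findings.append(("wrong-subnet", port, mac, ip))
    # One address claimed by more than one MAC means a conflict or a borrowed IP.
    for addr in sorted(ip_owners):
        owners = ip_owners[addr]
        if len({mac for _, mac in owners}) > 1:
            for port, mac in sorted(owners):
                findings.append(("duplicate-ip", port, mac, str(addr)))
    return findings


if __name__ == "__main__":
    for finding in audit(OBSERVATIONS):
        print(*finding)
```

With unmanaged switches throughout (Network A) the port column is not available, so only the duplicate-address check applies there.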
 
 
 
 
 
		


