Connectivity between Subnets without a router

  • Connectivity between Subnets without a router

    Hi to all the members of this wonderful forum

    Dear Friends
    It's my first post on this forum and hopefully I will get a solution from here.

    My situation/scenario is that I have three different subnets here in my educational environment. I have categorized Subnet A=(10.10.10.*) to faculty systems & Subnet B=(10.10.20.*) to student labs and systems. I have two leased lines dropped on my Cisco router & after that on a switch, and all the faculty and students are accessing the internet through their respective gateway machines, i.e.
    Faculty Internet Access
    Linux Machine 1 = RedHat Linux + Squid Server, eth0 = Subnet A, eth1 = real IP (enable routing on e0 & e1, open internet access)
    Students Internet Access
    Linux Machine 2 = RedHat Linux + Squid Server, eth0 = Subnet B, eth1 = real IP (enable routing on e0 & e1, restricted internet browsing and downloading access)
    Everything is fine here, but they cannot share anything from Subnet A to Subnet B and vice versa. I need a solution so that these subnets can access each other without changing a lot on the client end.
    I will look forward to a positive response from the forum soon.


    Tahir

  • #2
    Re: Connectivity between Subnets without a router

    Hi Tshabbir

    What subnet mask are you using currently in your existing subnets?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: Connectivity between Subnets without a router

      When you say "they cannot share anything from Subnet A to Subnet B and vice versa" do you mean that you cannot see any shares, or that you can see them but not access them?



      • #4
        Re: Connectivity between Subnets without a router

        Can you make a drawing? I'm a bit confused about your setup.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"



        • #5
          Re: Connectivity between Subnets without a router

          Thanks to L4ndy, joeqwerty, Dumber for the quick replies

          I am using

          Subnet -A(faculty systems)
          --------------------------------------
          IP=(10.10.10.*)
          Subnet Mask=255.255.255.0

          Subnet -B(Students labs system)
          ---------------------------------------
          IP=(10.10.20.*)
          Subnet Mask=255.255.255.0

          And these subnets cannot ping each other.

          And the diagram is attached.
          I will wait for your replies.


          • #6
            Re: Connectivity between Subnets without a router

            Are subnet A and Subnet B on the same switch and have you created vlans?
            If so, have you configured intervlan routing?

            If not, they can't communicate with each other because they are in different subnets.


            • #7
              Re: Connectivity between Subnets without a router

              It all depends on where subnet A and subnet B were created. Are they on the same switch? If so, what kind of gear/switch are you running? You need to enable intervlan routing; some gear automatically does this.



              • #8
                Re: Connectivity between Subnets without a router

                I am not very familiar with the Squid server, so I am going to ask you if there is any way you can configure it to allow certain security groups or user accounts (depending on what environment you are in) or any other objects that differentiate the two subnets to access certain resources or use certain protocols.
                If it's anything like the MS ISA server then that should be achievable.

                If you can do that then do you really need two Squid servers?
                You could use only one, configured (if possible) like above, and then configure your clients to use that as a proxy server.
                You can then use the subnet mask 255.255.0.0 for all your IP config and both subnets will be able to communicate with each other.
                If you must use both Squid servers, you could still point each subnet to the relevant Squid proxy server and use the subnet mask 255.255.0.0.
                As I said, I am not very familiar with the product and I don't know what else you are using it for, but if it's just as a proxy and you don't necessarily mind using the 255.255.0.0 subnet, then this could be a solution.

                Cheers


                • #9
                  Re: Connectivity between Subnets without a router

                  Ok

                  I have a Cisco Catalyst 2950 switch but I haven't created any VLANs except the default, and both switch are on the same switch and then spread to the campus through different non-branded switches.

                  OK, we are using Linux because we have a heavy load of users, like almost 1000 users/nodes to the student Squid machine and 300 users/nodes to the faculty Squid machine. We are blocking the requests network and IP based, not user based. And I think if I go for ISA server it normally slows down the requests with more than 200 users.

                  What are your experiences with ISA?
                  Please be in touch.
                  Thanks to all



                  • #10
                    Re: Connectivity between Subnets without a router

                    Well, the 2950 is a Layer 2 only switch. Sadly enough you can create VLANs, but you can't route between them unless you buy a router to set up a lollypop. However, I assume you have created a trunk between the router and the switch. If the router is also a Cisco device, maybe you can use it to do routing into your internal network. I don't understand why you connected an Internet router (I assume it is the core router) on either the Internal network as the External network.

                    Also, about ISA you are quite wrong; however, ISA has higher hardware requirements than Squid might have. Also, ISA is quite easily extendable by using ISA Enterprise and NLB. Also, Squid is just a proxy and nothing more than that. You need to use iptables to make the Red Hat machines also a firewall.

                    Don't get me wrong, I'm not against Linux, I just know more about ISA
                    Last edited by Dumber; 7th August 2008, 10:21.


                    • #11
                      Re: Connectivity between Subnets without a router

                      The other way you could do it is by using supernetting.
                      To achieve that in your scenario would be to use the subnet mask 255.255.224.0 in your existing subnets.
                      You can try it on a test client in both your subnets and see if it works in your environment. Another thing you'll probably need to configure is the Squid server with the new subnet mask.
                      Also, another important factor would be the router for inter-routed traffic. It needs to be within the scope of the supernetting in order to communicate with the rest of the LAN.
                      With the new configuration you'd have two CIDR networks: 10.10.10.0/19 and 10.10.20.0/19 that can communicate with each other.

                      Cheers
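As an added example (not part of any post in this thread), the Python sketch below checks what the masks proposed in posts #8 and #11 do to the thread's two subnets. It shows that widening the mask makes faculty and student hosts on-link to each other, so traffic between them no longer passes through either gateway machine. The host addresses ending in .5 and the 10.10.40.5 address are constructed samples.

```python
import ipaddress

# Subnets and masks are the ones named in the thread; the host addresses
# are constructed samples for illustration.
FACULTY_HOST = "10.10.10.5"
STUDENT_HOST = "10.10.20.5"
MASKS = ["255.255.255.0", "255.255.224.0", "255.255.0.0"]


def network_of(host, mask):
    """Network a host considers itself part of under the given mask."""
    return ipaddress.ip_interface(f"{host}/{mask}").network


def on_link(src, dst, mask):
    """True if src treats dst as local (ARPs for it) instead of using its gateway."""
    return ipaddress.ip_address(dst) in network_of(src, mask)


def assess(mask):
    """Summarise what one mask does to the faculty/student separation."""
    fac_net = network_of(FACULTY_HOST, mask)
    stu_net = network_of(STUDENT_HOST, mask)
    return {
        "faculty_net": str(fac_net),
        "student_net": str(stu_net),
        # Both directions must be on-link for replies to come back directly.
        "direct": on_link(FACULTY_HOST, STUDENT_HOST, mask)
        and on_link(STUDENT_HOST, FACULTY_HOST, mask),
        "usable_hosts": fac_net.num_addresses - 2,
    }


if __name__ == "__main__":
    for mask in MASKS:
        r = assess(mask)
        state = "one flat network" if r["direct"] else "separate networks"
        print(f"{mask:15}  {r['faculty_net']:15} {r['student_net']:15} "
              f"{state}, {r['usable_hosts']} usable hosts")
    # A /19 only spans third octets 0-31; a constructed host in 10.10.40.*
    # would still be off-link and need a router.
    print(on_link(FACULTY_HOST, "10.10.40.5", "255.255.224.0"))
```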


                      • #12
                        Re: Connectivity between Subnets without a router

                        Although the above solution will work, I doubt if you really want to do that when you have about 1000 + 300 = 1300 clients.
                        However, I still don't get how you can have 1000 clients in 2 class C scopes.
                        With more than 1000 clients I really would go for subnetting with multiple VLANs. Otherwise there will be quite a lot of broadcast traffic on your network, and really you don't want to have that.


                        • #13
                          Re: Connectivity between Subnets without a router

                          I think by clients he means network nodes and users combined, because as Dumber said it would be impossible on two class C networks.
                          I don't think the broadcast traffic would be an issue here. Yes, I agree you'd have increased traffic, but not to a point that might create a performance problem. You would get extra traffic when you set up the VLANs also.

                          Cheers


                          • #14
                            Re: Connectivity between Subnets without a router

                            Thanks to L4ndy, Dumber & all the friends.

                            Actually you people are very right, but actually I have a worse situation here. I recently joined this organization and the old system/network management did all this mess.
                            Hardware-wise there is no issue here: Xeon server machines and a Cisco 2950 switch, Cisco 2600 and 3650 routers, a PIX 525E firewall. But they are managing it with manual and worst methods because of inexperience.
                            The figure of about 1300 systems overall was right. The other story is that they are using 192.168.0.0 IP schemes as well on subnet B=10.10.20.0 by doing multihoming on the Linux machine, with e0=real IP and e1=(10.10.20.* network and 192.168.*.*) schemes on the same interface.

                            All this was done to separate the student and faculty machines and to provide security. Also one thing to share: there is no domain/central authentication system; everything is standalone/workgroup.

                            When I joined, I really wondered to see all this stuff. I sent a report to top management. Now they are very much convinced by my points and gave me a free hand, but with the understanding that I keep the old settings as well in case the new one is not successful.

                            So what plans I have.

                            1-Install windows 2003 as domain controller.
                            2-Make group policies for faculty/staff/students
                            3-Configure ISA server for internet cache and forwarding and Linux as Backup in case of down.
                            4-Implement PIX firewall 525E (which is power off first)
                            5-And use these IP schemes for whole new setup
                            Depart1=192.168.10.* subnetmask 255.255.255.0
                            Depart2=192.168.20.* subnetmask 255.255.255.0
                            Depart3=192.168.30.* subnetmask 255.255.255.0
                            Depart4=192.168.40.* subnetmask 255.255.255.0
                            Depart5=192.168.50.* subnetmask 255.255.255.0
                            Depart6=192.168.60.* subnetmask 255.255.255.0
                            Depart7=192.168.70.* subnetmask 255.255.255.0
                            Depart8=192.168.80.* subnetmask 255.255.255.0

                            And I need sincere advice from all you seniors; tell me if I am missing something in the plan.

                            I will wait for your experiences.


                            Tahir



                            • #15
                              Re: Connectivity between Subnets without a router

                              I would start a bit differently.

                              First of all I would make sure that all my network connectivity is correct.
                              I don't know if you have multiple physical locations or not, so start with that.
                              The network is at least the heart of the entire network, so plan carefully and make a drawing of how you think it should look and post it back.

                              As an addition:

                              You don't need Linux in case ISA fails. I think you're better off with 2 ISA servers configured in NLB. If one fails, the only users who might notice it are the VPN users. HTTP traffic won't give any problems.
                              Actually I have already worked quite some time with ISA and I have never seen one fail as long as you watch out a bit.

                              PIX 525E isn't needed as an additional firewall between the Internet and the ISA servers. ISA servers are very good firewalls and I have never found an article saying that ISA has been compromised. Stick with ISA or stick with PIX. I wouldn't recommend using both. It can give more headache than joy. This is because of dual NAT, double firewall management etc.

                              Just start with a drawing board of how you think it should look. Things like AD implementation etc. are for the next step.